From 3f68d344d1fdd16f6bb78bae00990e7b1c382fc3 Mon Sep 17 00:00:00 2001 From: Julian Mutter Date: Fri, 21 Mar 2025 21:44:01 +0100 Subject: [PATCH] Add secrets for builder --- .sops.yaml | 7 +++++++ secrets/secrets-builder.yaml | 30 ++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 secrets/secrets-builder.yaml diff --git a/.sops.yaml b/.sops.yaml index ec6a5f0..27b7f17 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -2,6 +2,7 @@ keys: - &primary age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg - &aspi-ssh age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4 - &pianonix-ssh age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct + - &builder-ssh age1kw4kmdm45zprvdkrrpvgq966l7585vhusmum083qlwnr0xxgd3uqatcyja creation_rules: - path_regex: secrets/secrets.yaml$ key_groups: @@ -10,6 +11,12 @@ creation_rules: - *aspi-ssh - *pianonix-ssh + - path_regex: secrets/secrets-builder.yaml$ + key_groups: + - age: + - *primary + - *builder-ssh + - path_regex: secrets/.+ key_groups: - age: diff --git a/secrets/secrets-builder.yaml b/secrets/secrets-builder.yaml new file mode 100644 index 0000000..1660141 --- /dev/null +++ b/secrets/secrets-builder.yaml 
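Review bot: The `&builder-ssh` recipient added under `keys:` in the first `.sops.yaml` hunk carries no comment saying which machine holds the matching private key or how the recipient was obtained. The `-ssh` suffix suggests it was converted from an SSH host key, but nothing visible states that. I would add a line above it such as `# builder host: age recipient derived from its SSH host key (assumed, confirm)`. A second comment could record that if the host key is regenerated, `secrets/secrets-builder.yaml` must be re-encrypted with `sops updatekeys`, and that the stored `gitea_token` should be rotated if the old private key may have been exposed.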
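Review bot: The new `path_regex: secrets/secrets-builder.yaml$` in the second `.sops.yaml` hunk has no `^` anchor and leaves the `.` unescaped, so it matches any path that merely ends in that shape, including a file in a nested directory. A file created at such a path would silently be encrypted to the builder key as well. Tightening it to `- path_regex: ^secrets/secrets-builder\.yaml$` keeps the builder recipient scoped to exactly this one file. The existing `secrets/secrets.yaml$` context line has the same shape and could be tightened alongside. A short comment such as `# must stay above the secrets/.+ catch-all: sops uses the first matching rule` would protect the ordering this change relies on. The catch-all rule's key list continues outside the hunk, so I could not check which recipients it grants.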
@@ -0,0 +1,30 @@ +gitea_token: ENC[AES256_GCM,data:FuLEQRo8NtCIsGhtksbaKTZGliiR/5lRr6wHQCArUNN1IXFpPW49k/hZl20Wgg==,iv:MN7FBNIms/5Q841gfikk4WMaqyuXOTSQifC9IKFF0AM=,tag:RZFnJ49RZ+z9kXoTHdtYug==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPaEtBdWM5WURZcllRVkp5 + MjA2OVl6dzAzd3RjRGVDNzhuYjVXdjVEOGdFClEzenJhMjYwaW9hZGhXOVJLTjVY + NkJudW1tcHl3VGdKTHdmdmF6cHBqM0UKLS0tIGF4K0FMcnNhVWNZa1Q5Vzc5MFAr + UUJVNEpnYUN2UEp2N0UwUmJLd1NQQ1kK61EzjD/Z1VEWXHzmkih8/ZyXRoq/Ocpv + 3dAWLVTGx6nsPHOkGZ9Hl0fMIOafu/kjO7ixzAeq21FluS97ZL/qLQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1kw4kmdm45zprvdkrrpvgq966l7585vhusmum083qlwnr0xxgd3uqatcyja + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKMVBwNmhlS3J1dGxVZkhm + UVhXemZQbGpJTEFNZlBkWTFhb0lmRStVQWlZCm15UXAvTTZWNS8zdWk4QjV5TlZp + TkxFK3dETTdSWGxBUGwzL284T2hReTAKLS0tIGp1TmV6Q2lMcDdVWTRXNHFMcWRn + eWFYMlY1MmEvWjVid2NJTmFMK0FXWWcKOtUk1kcSTj5UOBLESMwQLG+LtIDwUtMz + l5k02Zw2whQh6IrAqXhJSUpT6AiXSoYtcy5nNjZsoC53xsfLfu97kA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-03-21T20:07:45Z" + mac: ENC[AES256_GCM,data:VrZZ2fiv0JKPBijy+1s99D8FQvRFfoNZ48+58wy/Mir979GKihx/l7o3zYEpTWalRY8gbaHjLeH0i0bIgbGW4WQg+5gGZ4PjJhOMcZMAuMdoaGi0CqYOyOPXrzfDL8V5S5s1izjY/UhwURZdSiJeNfHS2cQVsFMt5vfTYSWDOM0=,iv:gVJPSVvKiCrb6KUyzfpO5ep1I8JTAHJGJCj22UhcV+o=,tag:9yGCU+5CtLOk+aa+pYrJ5g==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4