9d0e6843f4
- .sops.yaml: creation rules matching .env.{dev,prod}.sops (dotenv format)
- .env.dev.sops: encrypted dev defaults (blank API keys, local paths)
- .env.prod.sops: encrypted prod template (placeholder values to fill in)
- Makefile: root Makefile with secrets-decrypt-dev/prod, secrets-edit-dev/prod, css-build/watch
- .gitignore: add age-key.txt
Dev workflow: make secrets-decrypt-dev → .env (repo root) → web app picks it up.
Server: deploy.sh will auto-decrypt .env.prod.sops on each deploy.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
6 lines
316 B
YAML
6 lines
316 B
YAML
creation_rules:
|
|
- path_regex: \.env\.(dev|prod)\.sops$
|
|
# Developer workstation key. Add server key after running infra/setup_server.sh.
|
|
# To add the server key: update this file, then run: sops updatekeys .env.dev.sops .env.prod.sops
|
|
age: age1f5002gj4s78jju45jd28kuejtcfhn5cdujz885fl7z2p9ym68pnsgky87a
|