docs: add SOPS secrets section to CLAUDE.md

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Deeman
2026-02-23 17:19:58 +01:00
parent 4ff0a0cce8
commit 18fab02d1e


@@ -119,6 +119,29 @@ litestream restore -config /etc/litestream.yml /data/landing/.state.sqlite
source /opt/padelnomics/.env && bash infra/restore_landing.sh source /opt/padelnomics/.env && bash infra/restore_landing.sh
``` ```
## Secrets management (SOPS + age)
Secrets are stored encrypted in the repo using SOPS with age encryption:
| File | Purpose |
|------|---------|
| `.env.dev.sops` | Dev defaults (safe/blank values) |
| `.env.prod.sops` | Production secrets |
| `.sops.yaml` | Maps file patterns to age public keys |
```bash
# Decrypt dev secrets to .env (one-time, or after changes)
make secrets-decrypt-dev
# Edit prod secrets (opens in $EDITOR, re-encrypts on save)
make secrets-edit-prod
# deploy.sh auto-decrypts .env.prod.sops → .env on the server
```
All env vars are defined in the sops files. See `.env.dev.sops` for the full list
(decrypt with `make secrets-decrypt-dev` to read).
## Environment variables ## Environment variables
| Variable | Default | Description | | Variable | Default | Description |
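Review bot: The usage block documents `make secrets-decrypt-dev` and the deploy.sh auto-decrypt, but it never says where the age private key has to be for either to work, and it does not state that the plaintext `.env` they write must stay out of git. Suggest adding one line under the file table that names the key location the project expects (for example `SOPS_AGE_KEY_FILE`, if that is what the Makefile and deploy.sh rely on) and one line noting that `.env` is gitignored and, on the server, readable only by the service user. A short note on how a new teammate's age public key gets added to `.sops.yaml` would also help, since the table mentions the mapping but not the procedure. Separately, "Dev defaults (safe/blank values)" and "decrypt with `make secrets-decrypt-dev` to read" pull in different directions: if the dev values really are safe, listing the variable names in the existing "Environment variables" table would let readers see them without holding a key.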