19 lines
843 B
YAML
19 lines
843 B
YAML
# creation rules are evaluated sequentially, the first match wins
|
|
creation_rules:
|
|
# - encrypted_regex: (key|user|username|password|passwd|email|stringData)$
|
|
# upon creation of a file that matches the pattern *.dev.yaml,
|
|
# KMS set A as well as PGP and age is used
|
|
- path_regex: \.k\.dev\.yaml$
|
|
age: 'age129h70qwx39k7h5x6l9hg566nwm53527zvamre8vep9e3plsm44uqgy8gla'
|
|
|
|
# prod files use KMS set B in the PROD IAM, PGP and age
|
|
- path_regex: \.k\.prod\.yaml$
|
|
age: 'age129h70qwx39k7h5x6l9hg566nwm53527zvamre8vep9e3plsm44uqgy8gla'
|
|
|
|
# Finally, if the rules above have not matched, this one is a
|
|
# catchall that will encrypt the file using KMS set C as well as PGP
|
|
# The absence of a path_regex means it will match everything
|
|
-
|
|
age: age1vjvgsyr2nef6rk60gj54yqqqdjtc7saj63fxr3ec567wycnrlqxscdyw34
|
|
|