# This example uses YAML anchors which allows reuse of multiple keys 
# without having to repeat yourself.
# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
# for a more complex example.

keys:
  - &steveej 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
  - &steveej-t14 age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl
  - &elias-e525 100206d53cf92f62efd9d6b2672bf3644233c763

  - &sj-vps-htz0 age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv
  - &srv0-dmz0 age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3

creation_rules:
  - path_regex: ^(.+/|)secrets/[^/]+$
    key_groups:
    - pgp:
      - *steveej
      age:
      - *steveej-t14
      - *sj-vps-htz0
      - *srv0-dmz0
  - path_regex: ^secrets/steveej-t14/.+$
    key_groups:
    - pgp:
      - *steveej
      age:
      - *steveej-t14
  - path_regex: ^secrets/servers/.+$
    key_groups:
    - pgp:
      - *steveej
      age:
      - *sj-vps-htz0
  - path_regex: ^nix/os/containers/.+_secrets.+$
    key_groups:
    - pgp:
      - *steveej
      age:
      - *sj-vps-htz0