feat: use a separate passphraseless ssh key for agenix

2026-04-27 02:18:28 +02:00 · 2023-05-25 02:52:57 +08:00
parent 2c3df9ba1e
commit 2baeb2e284
5 changed files with 18 additions and 15 deletions
--- a/secrets/REAME.md
+++ b/secrets/REAME.md
@@ -50,9 +50,10 @@ Pretend you want to add a new secret file `xxx.age`, then:
  ```
 3. or you can also encrypt an existing file to `xxx.age` by command:
  ```shell
-  agenix -e ./encrypt/xxx.age < /path/to/xxx
+  cat /path/to/xxx | agenix -e ./encrypt/xxx.age
  ```

+the agenix use `~/.ssh/id_ed25519.pub` or `~/.ssh/id_rsa.pub` as encrypt key by default, you need to pass `--identity /path/to/key` to use a custom `/path/to/key.pub` for enctypt.

 ## Deploy Secrets