From 44ba137c4e4360eedc24767c872a0122162070df Mon Sep 17 00:00:00 2001 From: voidarc Date: Thu, 2 Jul 2026 08:55:10 +0100 Subject: [PATCH] added secrets management and rolled keys Can't just have my keys out in the open air anymore :( Rolled and encrypted my gotify keys so that you cant see my notifications anymore --- .config/gotify-desktop/config.toml | 2 +- .gitignore | 3 +++ .gitsecret/keys/pubring.kbx | Bin 0 -> 646 bytes .gitsecret/keys/pubring.kbx~ | Bin 0 -> 32 bytes .gitsecret/keys/trustdb.gpg | Bin 0 -> 1200 bytes .gitsecret/paths/mapping.cfg | 1 + .nixos | 2 +- .secret-gotify.secret | 2 ++ doot/config.toml | 4 ++++ 9 files changed, 12 insertions(+), 2 deletions(-) create mode 100644 .gitsecret/keys/pubring.kbx create mode 100644 .gitsecret/keys/pubring.kbx~ create mode 100644 .gitsecret/keys/trustdb.gpg create mode 100644 .gitsecret/paths/mapping.cfg create mode 100644 .secret-gotify.secret diff --git a/.config/gotify-desktop/config.toml b/.config/gotify-desktop/config.toml index c002779f..ddd5a5a6 100644 --- a/.config/gotify-desktop/config.toml +++ b/.config/gotify-desktop/config.toml @@ -3,7 +3,7 @@ url = "wss://ntfy.voidarc.co.uk:443" # secret gotify token -token = "C5YKvW5h3NfJJIB" +token = { command = "cat /home/user01/.dotfiles/.secret-gotify"} # if you want to get the token from a password manager, or other external command, # you can also use for example: # token = { command = "secret-tool lookup Title 'Gotify token'" } diff --git a/.gitignore b/.gitignore index 1f8011aa..6e4b9ec3 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,4 @@ .session +.gitsecret/keys/random_seed +!*.secret +.secret-gotify 
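Review bot: The new `token` command in `.config/gotify-desktop/config.toml` reads a decrypted plaintext file at a hard-coded absolute path inside the dotfiles checkout, and nothing in the hunk records how that file is produced or protected. On a fresh clone, before the git-secret reveal step has run, the file is missing and the client cannot authenticate; if the file is readable by other local users, the token is exposed again. I would add a comment above the line, `# plaintext is decrypted from .secret-gotify.secret; keep it untracked and mode 0600`, and close the inline table with a space, `.secret-gotify" }`, to match the commented example below it. Whether the client strips the trailing newline that `cat` emits is not visible here and is worth checking.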
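Review bot: Only `random_seed` is excluded under `.gitsecret/keys/` in the `.gitignore` hunk, yet the diffstat shows the keyring backup `pubring.kbx~` being committed next to the real keyring. That file is a backup copy GnuPG leaves behind and is not needed to decrypt, so a line such as `.gitsecret/keys/*~` would keep it out of future commits. The plaintext entry `.secret-gotify` is listed by exact name, so every later secret depends on someone adding a matching line. A comment above it, `# decrypted git-secret outputs, never commit`, would make that intent explicit.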
diff --git a/.gitsecret/keys/pubring.kbx b/.gitsecret/keys/pubring.kbx new file mode 100644 index 0000000000000000000000000000000000000000..f28bf7d4e320f18224f696d48d9cf1ad30a150d1 GIT binary patch literal 646 zcmZQzU{GLWWMJ}kib!Jsf-E=Dy&w!?LjY466C;>a$H2gNg@K7dCjHb~mnAP&Zd16? zxasKa`qIaS+<`z93LsUV&dr>;W^?e)MJ>t#e?Pr?$NFPk7Ess*BnJeH3_L*cFc52l zxIoibz%&{GbiqE5&_jVYvY+z$x26~NQhXpuXgt)-rGCh=$ z6%;TJukO{Ku*Edww#HNz4ymTLd)KP|E_##qO7@;s{O)TezRZjq>>U*>5f%G;VCa}T36 z+@faJLRN4cowNM+#@9|p2b`}wO1#embGzmI*M_T`e9xt*Ckߋ))=eBxYO +Rf Mn1YsYca|o\&:xNguq)et1RO VՔu=}㺴{YM6Fʟٮj& \ No newline at end of file diff --git a/doot/config.toml b/doot/config.toml index 33ce4606..49f78a14 100644 --- a/doot/config.toml +++ b/doot/config.toml @@ -11,6 +11,10 @@ exclude_files = [ ".gitignore", ".session", ".gitmodules", + ".gitsecret", + "*.secret", + "**/.devenv", + ".secret*" ] # Files and directories that are always symlinked, overriding `exclude_files`. Each entry is a glob pattern relative to the dotfiles directory.
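Review bot: The last added entry in `doot/config.toml`, `".secret*"`, has no trailing comma although every other element of `exclude_files` does, so the next append either touches two lines or breaks the array; write `".secret*",`. The new secret patterns are also written without a `**/` prefix, while `.devenv` is written as `"**/.devenv"`. If the tool matches globs relative to the dotfiles root, a secret placed in a subdirectory would not be excluded and its plaintext could be symlinked into place, so `"**/.secret*"` and `"**/*.secret"` may be what is intended; this should be confirmed against the tool's matching rules. The `exclude_files` array begins above the hunk.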