# This example uses YAML anchors which allows reuse of multiple keys
# without having to repeat yourself.
# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
# for a more complex example.
keys:
  - &users
    - &swarsel 4BE7925262289B476DBBC17B76FD3810215AE097
  - &hosts
    - &winters age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63
    - &toto age1qzh3u0804q3xtfz6ujp3ffqm38jxlwr2h720mqvnjg56scf96q9qn5wkk8
    - &surface age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg
    - &nbl age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy
    - &sync age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h
creation_rules:
  - path_regex: secrets/general/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *winters
      - *toto
      - *surface
      - *nbl
  - path_regex: secrets/certs/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *winters
      - *toto
      - *surface
      - *winters
  - path_regex: secrets/winters/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *winters
  - path_regex: secrets/work/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *nbl
  - path_regex: secrets/sync/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *sync