homelab/.sops.yaml

creation_rules:
  # Platform secrets
  - path_regex: platform/.*/.*secret.*\.yaml$
    encrypted_regex: ^(data|stringData|password|token|apiKey|secret|key|auth|\.dockerconfigjson)$
    age: age1c7ke5ajhtzua7lrvzsg2p7krnnqv5jhvafh4lsl2s022j46jggnss4rxry

  # Bootstrap secrets
  - path_regex: bootstrap/.*\.yaml$
    encrypted_regex: ^(data|stringData|password|token|apiKey|secret|key)$
    age: age1c7ke5ajhtzua7lrvzsg2p7krnnqv5jhvafh4lsl2s022j46jggnss4rxry

  # Default rule for all encrypted files
  - path_regex: .*\.enc\.yaml$
    encrypted_regex: ^(data|stringData|password|token|apiKey|secret|key)$
    age: age1c7ke5ajhtzua7lrvzsg2p7krnnqv5jhvafh4lsl2s022j46jggnss4rxry

  # Alternative pattern for secrets files
  - path_regex: secrets.*\.yaml$
    encrypted_regex: ^(data|stringData|password|token|apiKey|secret|key)$
    age: age1c7ke5ajhtzua7lrvzsg2p7krnnqv5jhvafh4lsl2s022j46jggnss4rxry