docs: improved masterkey setup documentation
30
README.md
@@ -27,7 +27,37 @@ git clone https://<your-gitea-host>/coulomb/railliance-hosts.git
|
|||||||
cd railiance-hosts
|
cd railiance-hosts
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## 📦 Prerequisites
|
||||||
|
|
||||||
|
To use RailianceHosts, make sure you have the following tools installed on your workstation:
|
||||||
|
|
||||||
|
- **Git** → for version control
|
||||||
|
- **age** → for key management and encryption ([Install guide](docs/age-keys.md))
|
||||||
|
- **SOPS** → for managing encrypted secrets ([SOPS GitHub](https://github.com/getsops/sops))
|
||||||
|
- **Terraform** → for provisioning infrastructure ([Terraform Downloads](https://developer.hashicorp.com/terraform/downloads))
|
||||||
|
- **Ansible** → for server configuration ([Ansible Installation Guide](https://docs.ansible.com/ansible/latest/installation_guide/))
|
||||||
|
- **Make** → to run the included `Makefile` tasks
|
||||||
|
|
||||||
|
### Example installation (Ubuntu/Debian)
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# System tools
|
||||||
|
sudo apt update
|
||||||
|
sudo apt install -y git make ansible
|
||||||
|
|
||||||
|
# Terraform
|
||||||
|
sudo apt install -y wget unzip
|
||||||
|
wget https://releases.hashicorp.com/terraform/1.9.5/terraform_1.9.5_linux_amd64.zip
|
||||||
|
unzip terraform_1.9.5_linux_amd64.zip
|
||||||
|
sudo mv terraform /usr/local/bin/
|
||||||
|
|
||||||
|
# age
|
||||||
|
sudo apt install age
|
||||||
|
|
||||||
|
# SOPS Get the latest release (example: v3.10.2 — check GitHub for updates)
|
||||||
|
wget https://github.com/getsops/sops/releases/download/v3.10.2/sops_3.10.2_amd64.deb
|
||||||
|
sudo apt install ./sops_3.10.2_amd64.deb
|
||||||
|
```
|
||||||
|
|
||||||
## 🔑 Secrets Management
|
## 🔑 Secrets Management
|
||||||
|
|
||||||
|
|||||||
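Review bot: The Terraform and SOPS steps in the added install block pass the downloaded `terraform_1.9.5_linux_amd64.zip` and `sops_3.10.2_amd64.deb` straight to `unzip` and `sudo apt install` with no integrity check. These tools will handle provisioning credentials and decrypted secrets, so add a step that verifies each download against the checksum file published with that release before it is installed. Smaller points: the version and `amd64` are hard-coded for both tools but only the SOPS comment says it is an example, `sudo apt install age` is missing the `-y` used on the other apt lines, and the unchanged context clones `railliance-hosts.git` but then runs `cd railiance-hosts`, so one of the two spellings needs correcting.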
@@ -5,15 +5,33 @@ You need to create your own **age keypair**, add the public key to the repo, and
|
|||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
## 0. Install Age & Sops
|
||||||
|
|
||||||
|
First, make sure **age** is installed on your workstation.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo apt update
|
||||||
|
sudo apt install age
|
||||||
|
age --version
|
||||||
|
```
|
||||||
|
|
||||||
|
To install Sops grab the binary release and install it.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
wget https://github.com/getsops/sops/releases/download/v3.10.2/sops_3.10.2_amd64.deb
|
||||||
|
sudo apt install ./sops_3.10.2_amd64.deb
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
## 1. Generate an Age Keypair
|
## 1. Generate an Age Keypair
|
||||||
|
|
||||||
On your workstation, run:
|
On your workstation, run:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
age-keygen -o ~/.config/age/key.txt
|
age-keygen -o ~/.config/sops/age/key.txt
|
||||||
```
|
```
|
||||||
|
|
||||||
- This creates a new keypair and stores it at `~/.config/age/key.txt`.
|
- This creates a new keypair and stores it at `~/.config/sops/age/key.txt`.
|
||||||
- The private key must **never** be committed to Git. Keep it safe (e.g., in your password manager or vault).
|
- The private key must **never** be committed to Git. Keep it safe (e.g., in your password manager or vault).
|
||||||
- The public key looks like this:
|
- The public key looks like this:
|
||||||
|
|
||||||
|
|||||||
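Review bot: The new key location `~/.config/sops/age/key.txt` in section 1 does not match the file SOPS reads by default on Linux, which is `keys.txt` in that directory, so decryption will not find the key unless `SOPS_AGE_KEY_FILE` points at it. Either change the path to `~/.config/sops/age/keys.txt` in both the command and the bullet, or state next to the command that `SOPS_AGE_KEY_FILE` must be set. `age-keygen -o` also does not create parent directories, so add `mkdir -p ~/.config/sops/age` before it, and tell readers who already generated a key at the old `~/.config/age/key.txt` path to move it rather than generate a second key. In section 0, the heading says "Install Age & Sops" while the opening sentence only mentions age, and the SOPS `.deb` is installed without a checksum verification step.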