add sops and beta specific decryption key

.gitignore

@@ -26,3 +26,7 @@ vite.config.ts.timestamp-*
 
 
 .DS_Store
+
+
+# keys
+.age.txt

.sops.yaml

@@ -0,0 +1,4 @@
+creation_rules:
+  - path_regex: env/base/master\.json$
+    pgp: 4FA79E5B6598505C8DFA30A7A466CEE1415C0B9C
+  - age: age1d5vst0g82v6xml29ydsrxefmf3vclgm6dj3npw6mefa7yu9xueaqztjqlg

.tool-versions

@@ -7,3 +7,5 @@ buf 1.17.0
 k9s 0.26.3
 golang 1.19
 nodejs lts
+sops 3.7.3
+jq 1.6

Makefile

@@ -69,7 +69,7 @@ gen: $(GOBIN)/sqlc buf.lock
 
 
 .PHONY: setup
-setup: $(GOBIN)/sqlc $(GOBIN)/buf
+setup: $(GOBIN)/sqlc $(GOBIN)/buf ./env/beta/.age.txt
 	@asdf install || true
 
 buf.lock: $(GOBIN)/buf
@@ -85,3 +85,11 @@ $(GOBIN)/sqlc:
 	@KUBECONFIG=$(KUBECONFIG) ctlptl create registry kind-bh-registry --port=5005
 	@KUBECONFIG=$(KUBECONFIG) ctlptl create cluster kind --name=kind-bh-local --registry=kind-bh-registry --kubernetes-version $(K8S_VERSION)
 	@kind get kubeconfig --name=bh-local > .kubeconfig
+
+# used to encrypt/decrypt sensitive values with sops
+age_identity=$(shell sops -d ./env/beta/master.json)
+./env/beta/.age.txt:
+	@echo "# created: $(shell echo '$(age_identity)' | jq -r '.created')" >> $@
+	@echo "# public key: $(shell echo '$(age_identity)' | jq -r '.public_key')" >> $@
+	@echo "$(shell echo '$(age_identity)' | jq -r '.private_key')" >> $@
+	@echo "$@ created!"

env/beta/master.json

@@ -0,0 +1,23 @@
+{
+	"created": "ENC[AES256_GCM,data:eyA43QPLejsqy/4SSWOkaLPMO2+EbuifxQ==,iv:0wEGpIk4023HaDqmXlCimTC4AviguxqzO8LSCIoBPow=,tag:XmpNZzlxNinyPnWP0U7dXQ==,type:str]",
+	"public_key": "ENC[AES256_GCM,data:f7DxyKaLbgjHvTmNNa6K/pGqFtxrm/JmTQs+I00YQpr4XP8ja0ff+7vM2qi8hzYWQsZ8wiIr/VsPImi/RPQ=,iv:O23u+cuva4qJZ/OpVEoYr3o5X4GxsPt+U3Q5GgQLymc=,tag:6XJtLb/g+WJLhsFH6M6FlA==,type:str]",
+	"private_key": "ENC[AES256_GCM,data:TTVQUdE+Xd1M3RHix2bkxggrxo3ILdmonjNcq9Ticb2WSIG+IuR+lytgSb+7UHzjFx8wr/lMfap/v7lAum+nYw08Fd56t0B4aHI=,iv:CmYfrd2MtwoyLxjqWC3TZRdK9CRs96n4BYo51MY6uzs=,tag:GYfVWSYE05/tdRaul4JPxw==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": null,
+		"lastmodified": "2023-05-27T01:53:31Z",
+		"mac": "ENC[AES256_GCM,data:nUmf5oSS+I7WPoJZ4hCpamhQRYeAeSWnzNM6OMAkar+ZXJ/LMynUNy2BA9hHbX6sNoMh7jrGrABAwfXqoGVCkl0F3PtHGky59uiQ0jmSU48n504dhL8/5kr16MeGSMCuVnp+oVy9V9tYFxt4LTxVzMK9mBr92B7kcRqKsb7jO6w=,iv:A5kjc0qtrTTTDOKBgKLslPwv+InCGNVOWLu1T3LmIYw=,tag:2vhk0BEk6MSZHW8zHrIuQg==,type:str]",
+		"pgp": [
+			{
+				"created_at": "2023-05-27T01:53:31Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAzSNwvjPuwiyAQ/9F9BIr5Qu9VC2y8gIBjNKiDxbR5sOo0gopJnCtAWoM4RU\nZO4aU3+MlUjr25PfYauqmdyc86vzDshbyfsQ8uQJW20pl4wJFzbtsSEgMio89FE5\nlfyKB9WcTvivrVUYSarXE7DrPvdr5qOh5qUrc6HLGaniwyN3MxGnm/qu5Ip2z3i8\n6g2GarUJmWXF1U8F0oXw069ImgvTd1u2gUC+CXMDSW+38FYN5dmtbo271g9/7Ikl\nEaP+7B9PlPUAav8IE/k/dGwqeQOjiEce6h0rxyl8PqgcTvxpaJ8Kd197iTovXeyt\nAK1Fv9sMVBBGi/pma85cPxkn8vU68v6LQJvMSwAJ8y+2rXrUb7nxFt1+iBvJWwRr\napGBhceLriV1eL9l0CtLpZNrQvvldF8mNMaNK0vVGdsDrHZq2wU9jSeKZq92Cy2y\nQ+0sEPlBKJIRTcrghtOgKbNatNWM7zShwmxAJ4Kw6qFSpEOTj9Y4WOL70ivWynSt\np7aaKbSwtwBcXezZZqp1C5/xlcrWal83bsjUqAnXhd30VYBw66JGhZa2PkD0VyqL\n4yoCUC9H8Ea8XtD/z4iG4y8z2yn/+Qa3KoW6vTp78i8OzdzqnfLB9pa6rinueaeV\n1S9y6B+kvwdqDTtgrIfGMUifaE0qE2ZKiPGbyKnqjUrBmY9VUsAQNTkfgXIhQnDS\nXAGDvTBFmmdZzEWE/OP+l1tdk88HJzfhDxIXxdncIYW79ib7bKoqRW6CcrPawxC+\nDn4ykqRZZNYw4j207YXqvYZWBKRCnInWKPmyfT9Ozfd7/HZnX91cKIawwPz2\n=ufAq\n-----END PGP MESSAGE-----\n",
+				"fp": "A466CEE1415C0B9C"
+			}
+		],
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.7.3"
+	}
+}