From eb886a81ee3925dd4189b2c7ee61240fa19dbcf5 Mon Sep 17 00:00:00 2001 From: Danny Grove Date: Mon, 8 Jun 2020 10:51:36 -0700 Subject: [PATCH] docs: Add documentation on rotating secrets encrypted with sops --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index c97d65f1..8f043bbb 100644 --- a/README.md +++ b/README.md @@ -29,3 +29,15 @@ An existing admin will need to generate a password for the new admin. Add the new user to the default argo project (`argocd/projects/default.yaml`). Have the new user create a password for accessing metrics and hash it with `htpasswd -n -B adminusername`. Add it to `monitoring/user-auth.env.yaml`. + +### Removing an Admin + +Remove the admin's PGP key from `.sops.yaml`, then run: + +```sh +for file in **/*.enc.yaml; do + sops -r -i $file +done +``` + +It is also highly recommended that any passwords or secrets the admin had access to be rotated.
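Review bot: In the added `for file in **/*.enc.yaml` loop, `sops -r -i` rotates each file's data key but, to my knowledge, keeps the recipient list already stored in that file's `sops` metadata. Editing `.sops.yaml` alone would therefore leave the removed admin's PGP key on every existing file. Consider running `sops updatekeys` (which re-reads `.sops.yaml`) before rotating, or passing `--rm-pgp <fingerprint>` to the rotate call, and add a step that checks the `pgp` entries under `sops:` in a file afterwards. Two smaller points in the same block: the fence is tagged `sh`, where `**` does not recurse (bash needs `shopt -s globstar`), so files outside the matched depth are skipped silently; and `$file` should be quoted as `"$file"`. Since old revisions stay decryptable from git history with the removed key, the closing sentence would read better as a required step than as a recommendation.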