From 550530ccd69ca14755db1e1f3373527d12468450 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sat, 14 Aug 2021 01:59:26 +0200
Subject: [PATCH] feat(sops): Extend keys that are encrypted to names and email

This patch should help to hide semi-sensitive information. While an
email address or DNS name is not secret, it also doesn't need to be
exposed to everyone as easy as possible. E.g. being easy to scrape.
Therefore this patch masks these values in the config. No security gain
here, just annoying potential spammers and attackers.
---
 .sops.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.sops.yaml b/.sops.yaml
index 3564c5d11..ceef7359d 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,6 +1,6 @@
 creation_rules:
   - path_regex: clusters/okd4/.*.yaml
-    encrypted_regex: ^(data|stringData)$
+    encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?)$
     pgp: >-
       9D02A9AD73EF7F3D5F657AC2B392F6EB325E8C50,
       286791FB6648539775DB31B8FCB98C2A3EC6F601
-- 
GitLab