From 4fd52921d6f693cd67a7dff1c7257c11e1f2f37a Mon Sep 17 00:00:00 2001
From: Yisroel Baum <yisroel.d.baum@gmail.com>
Date: Fri, 8 May 2026 15:58:20 +0300
Subject: [PATCH] add sops and secrets

---
 .sops.yaml        |  7 +++++++
 secrets/tide.yaml | 19 ++++++++++++++++---
 2 files changed, 23 insertions(+), 3 deletions(-)
 create mode 100644 .sops.yaml

diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..a57ed0d
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+  - &server age1haj8v88kjna6ttkdufjpyjcf478kyvclnpdc8jwh97ewhqcc9eqsgrku4v
+creation_rules:
+  - path_regex: secrets/.*\.yaml$
+    key_groups:
+      - age:
+          - *server
diff --git a/secrets/tide.yaml b/secrets/tide.yaml
index fea1aa9..8fa3090 100644
--- a/secrets/tide.yaml
+++ b/secrets/tide.yaml
@@ -1,3 +1,16 @@
-# PLACEHOLDER - replace with sops-encrypted content before deploy.
-# See secrets/README.md and secrets/tide.yaml.example.
-tide-env: ""
+tide-env: ENC[AES256_GCM,data:F9pGLKJZWKf3YrH0uqEBtp+PMjjAeZV3jIr1zJln3m7JzW2NwcE7HoXhAmdJt41mh+qv0uK69dDJsOFfeqIOA6JRSUj8jB6lFoFBnPnee62V6HoLo+6KfVJ7ixK7sNO+GC+TJ4gVaUFuJPNlVCNJZUkoSEWl9fQA0TqzDh0fVqAyZAbiDGha4EeRSGkmQ4Ad/5uwITiWaLxmh5X1D3NQonK78OngGM2N1Uc=,iv:TcOVWdUZ7/osM2lhSuCPFZC4N5EFkGysBIL2ih9y/0Y=,tag:0R9Hue8jARMoHIfBb6lb6Q==,type:str]
+sops:
+    age:
+        - recipient: age1haj8v88kjna6ttkdufjpyjcf478kyvclnpdc8jwh97ewhqcc9eqsgrku4v
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnQ2RzU0NBUTBhQTBERnBm
+            RFRPdWlKRWtWMW8zaktGVyt5L3VPTENMakhVCjFsdStSbHFzdmFYcWxuU294VW5Q
+            MWVQMzlJdmdqTW93Q1MwaVRFaVIvY2sKLS0tIHJxUk96VjRLeWpIanBlNktESDhI
+            dS9VREordndFSVhnbXFCdUVFN0Z3aG8KN4h2ptJxttY/02FcmRqZa+ujom0LIS11
+            cS+qkrk7FnrTbSCNETtjc/FApLTxphptd93zCPJkQtulmo2d9soJlA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-05-08T12:15:46Z"
+    mac: ENC[AES256_GCM,data:nVcs2SaIYI8KGbWdAIr7PR7DoYQWaZohTkRqyRvdn6viI195UiL1Hecbujc/G6ODz0KFB60Mikbr0UlrnLm5ZMOTKxZClZcLbncqxMt6o6HoXrcthrSLnhz5vjSE+88rDKGZdSZp7tqlL7Ltx4r6wMNz+SGd2P73ZzWC9z900/g=,iv:R9dCH2NCT5KjsUS9Br88gliH7LdP+AOM75xT0YXauds=,tag:Ra9vmUHGZeH9ubCK6mBLDg==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0