# Secrets Encrypted with [sops](https://github.com/getsops/sops) using the host's age key. ## First-time setup on the server 1. Generate an age key for the host: ``` sudo mkdir -p /var/lib/sops-nix sudo age-keygen -o /var/lib/sops-nix/key.txt sudo chmod 600 /var/lib/sops-nix/key.txt ``` 2. Read the public key: ``` sudo grep "public key" /var/lib/sops-nix/key.txt ``` 3. On a workstation, put that public key into `.sops.yaml` at the repo root and encrypt `tide.yaml.example` into `tide.yaml`. `tide.yaml` is encrypted and committed. `tide.yaml.example` is the plaintext template. ## Rabbi Gerzi Create `rabbi-gerzi.env` as a SOPS-encrypted dotenv file with: ```dotenv APP_KEY=base64:... RABBI_GERZI_INITIAL_ADMIN_EMAIL=... RABBI_GERZI_INITIAL_ADMIN_PASSWORD=... ```