Added agenix-rekey

secrets/age-yubikey-identity-d9ed335b.pub

@@ -0,0 +1,7 @@
+#       Serial: 27501992, Slot: 1
+#         Name: agenix-rekey-alpha
+#      Created: Sat, 20 Dec 2025 06:01:41 +0000
+#   PIN policy: Once   (A PIN is required once per session, if set)
+# Touch policy: Always (A physical touch is required for every decryption)
+#    Recipient: age1yubikey1qvq48l020xg9xtt5epdpnzp3kvkm2vvc57357p58pyfq557a8q8hv84c82e
+AGE-PLUGIN-YUBIKEY-14ZJ6XQVZM8KNXKCT2PKLW

secrets/rekeyed/vanta/40b96312f0efd258467853db2ff842cb-tailscale-auth.age

@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 7p4RPw HgBYYM/VqZ4KN4V4TrGmk86wPRhDgM+VaXfa3VlODRM
+OdM//HvJTzB7/jw+c+6euiYz9ptUf/z22tzJSgxTD+w
+-> B%P@9-grease
+Zgr76aiZDhCWBdnbxoOptAfEuM1RWw1bN4rsUCec4VP0cDN856bCtaQjnWWbSTvv
+YPHtmw
+--- obv+bg63dTlnoke3tQdkAizcAqsYG2sUjYBZrhGZG68
+(2<><04>$<24>Y@<40><>i<EFBFBD>7<EFBFBD>j<EFBFBD><02><>ar<61>7<EFBFBD>X$U<><0E>~<7E><>|<7C><>'<14><><EFBFBD>oo`<60><><EFBFBD><EFBFBD><11>DƆ{<7B>#<23>%<25><<m<>O)V<><56>2C<17><!<21>e<EFBFBD>ݺ(24
<01><05><>~<7E><>

secrets/rekeyed/vanta/853ffda11ae0836ce38bb5da13840b31-eclypse-password.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 7p4RPw FdmJ1odfweTU4HWPTeWuEcoIUq1V4ke28BWmlNNdNHg
+9qi5QQHociRgSzZ97HifRDf+/Hh0cCZJzFsobpP1cpU
+-> 4pq5-grease
+yKZUs4lQM6BQgsyzMn3T1pvUt393/NvcRe7KwuTCDCU
+--- N7NO5Ps2SG3SFNNnNNvYUSGgA0b5Dk7H6+x0rt6JtXA
+Dl<EFBFBD>]ep<>(F0i3<<3C><><EFBFBD><EFBFBD><EFBFBD>Sm<53>E<7F>Eh<45>
<01><>S<EFBFBD>eX<><0F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>V$0<>Ŝ<EFBFBD><C59C><EFBFBD>c`<60><>%<25><><EFBFBD><EFBFBD><EFBFBD>Q<EFBFBD><51><EFBFBD><17>7&<26>X,<0B><>Lo<4C><6F>?QQ+<2B>~|%{<7B><><EFBFBD>-V<>%H<>):ց]Kx<4B><78>K<EFBFBD><4B>NX<4E><58>6<EFBFBD><36>ۦejO<><4F>#X<><58>

secrets/secrets.nix

@@ -1,19 +0,0 @@
-# This file is NOT imported into the nix configuration, it is just for the agenix CLI
-let
-  # System public ssh keys (/etc/ssh/)
-  vanta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaDVBJdMDFL8r9NQCbaLe+DPHGhGzRv2N7+7m1/U8DP";
-in
-{
-  # Tailscale auth key need to be up to date with a valid auth key in the tailscale
-  # dashboard. Single-use keys expire after a single machine connects, and even
-  # reusable keys expire after 90 days.
-  # Update tailscale-auth.age with `agenix -e tailscale-auth.age -i /path/to/private-ssh-key`
-  # Note: Only devices with the below public keys are allowed to edit tailscale-auth.age
-  "tailscale-auth.age".publicKeys = [ vanta ]; # Devices allowed to join the tailnet;
-
-  # Devices that can connect to EclypseCloud with the eclypse user.
-  "eclypsecloud-eclypse.age".publicKeys = [ vanta ];
-
-  # Devices that have the eclypse user
-  "eclypse-password.age".publicKeys = [ vanta ];
-}

secrets/tailscale-auth.age

@@ -1,6 +1,8 @@
 age-encryption.org/v1
--> ssh-ed25519 7p4RPw 7GuZj43+NoyPXf//ZLM99vossbJXOpDQSkBi3w51Wl8
-FTMjlyml+T87LQffffY2AJL5IhTAJF2QlfFvhvZpvOs
---- iONf8B3bUxXtCiv0EAv5QO0ZyhE5A6YfRbcxUr/awFg
-<EFBFBD><0E><><EFBFBD>Tw<54><77>J`<60>~B
-<EFBFBD><11>;<3B>lOh<4F><68>{2<>?<3F><>P<EFBFBD><50>F>@m<>
o<><6F>c<EFBFBD><1C>~X<>3<EFBFBD>@.g<0E>ھ<EFBFBD>eK<65><18>V7zphS<68><53>د6<D8AF><36>.W<><57>O@F	
+-> piv-p256 2e0zWw ApoXPsP2VGfJnOt+dDk7DfssOkbM/3vkn4jwSfxD4UAj
+jtn4DCA/EyrTl9DW1hs84yd3RgVuDU77ggM218HiUdc
+-> *E(-grease Ull1npy_ >F7 *?
+IM+85AtRNlMrFgqk/uAG
+--- nxCTKF6R3E/qaTTgr7jZdz4ZLRE15NsJpyKHizEJnPw
+<EFBFBD>><3E>"l<><6C><EFBFBD><14><>r<>sN<4E><7F>V*F<>I<7F>|<0E><>0X<30>8<EFBFBD><38>
+<EFBFBD><EFBFBD>|P<><50><EFBFBD><1C>F<EFBFBD><0C><>D<EFBFBD>\x<>Z<EFBFBD><5A>P<EFBFBD><50>]<5D>ʧ<EFBFBD>t-"n<>m<EFBFBD><6D><EFBFBD><EFBFBD><EFBFBD>&<26><>|<7C>	%<25><><EFBFBD><EFBFBD><EFBFBD>.ӆ