From 1be665dfd4d230c892815b7ef69a7b460bfe542b Mon Sep 17 00:00:00 2001
From: Raphael
Date: Sun, 8 Mar 2026 17:54:39 +0100
Subject: [PATCH] feat(secrets): adding the vault secrets
---
 hosts/server/secrets.nix | 13 +++++++++++++
 secrets/secrets.nix | 2 ++
 secrets/vault-oidc-secret.age | Bin 0 -> 371 bytes
 secrets/vault-secret-env.age | 9 +++++++++
 4 files changed, 24 insertions(+)
 create mode 100644 secrets/vault-oidc-secret.age
 create mode 100644 secrets/vault-secret-env.age
diff --git a/hosts/server/secrets.nix b/hosts/server/secrets.nix
index 9f439c6..c90b5e5 100644
--- a/hosts/server/secrets.nix
+++ b/hosts/server/secrets.nix
@@ -88,4 +88,17 @@
 mode = "0400";
 };
 
+ age.secrets."vault-oidc-secret" = {
+ file = ../../secrets/vault-oidc-secret.age;
+ owner = "kanidm";
+ group = "kanidm";
+ mode = "0400";
+ };
+
+ age.secrets."vault-secret-env" = {
+ file = ../../secrets/vault-secret-env.age;
+ owner = "vaultwarden";
+ group = "vaultwarden";
+ mode = "0400";
+ };
 }
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index f839cf6..3c4d101 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -22,4 +22,6 @@ in
 "forgejo-runner-token.age".publicKeys = users ++ systems;
 "kandim-admin.age".publicKeys = users ++ systems;
 "kandim-idmAdmin.age".publicKeys = users ++ systems;
+ "vault-secret-env.age".publicKeys = users ++ systems;
+ "vault-oidc-secret.age".publicKeys = users ++ systems;
 }
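Review bot: The two new entries in hosts/server/secrets.nix do not say which service reads which file, and the names suggest the same OIDC client secret may exist twice: once in `vault-oidc-secret` (owned by `kanidm`) and once inside the env file `vault-secret-env` (owned by `vaultwarden`). If that is the case, both `.age` files have to be rotated together or the two sides disagree after a rotation; a comment above each entry would make that visible, e.g. `# OIDC client secret for the Vaultwarden client, read by Kanidm; keep in sync with vault-secret-env`. Separately, `owner`/`group` are string literals; `owner = config.users.users.vaultwarden.name;` (and the kanidm equivalent) would fail at evaluation rather than at activation if the account is missing, assuming `config` is in scope here. The module header is outside the hunk.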
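Review bot: Both new files in secrets/secrets.nix are encrypted to `users ++ systems`, so every host key in `systems` can decrypt the Vaultwarden environment file and the OIDC client secret, although only hosts/server/secrets.nix consumes them in this commit. If `systems` holds more than the server's key (its definition sits in the `let` block outside the hunk), narrow the recipients to the one host that needs them, e.g. `"vault-secret-env.age".publicKeys = users ++ [ <server-host-key> ];`, and likewise for `vault-oidc-secret.age`. The existing entries follow the same pattern, so this may be better handled as a follow-up for the whole file; changing recipients requires re-encrypting the affected files with `agenix --rekey`.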
diff --git a/secrets/vault-oidc-secret.age b/secrets/vault-oidc-secret.age new file mode 100644 index 0000000000000000000000000000000000000000..752b97a3228242fff297ee18f817b6812bd1711d GIT binary patch literal 371 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUltkgEhELSKt%E?N# zG;&Rg$n(ic_AZa|@(xN*c8(~|jBqqEFV0H$v?vJ)4h^md3FHd!_f8C~(08ly%QA6G zDT^qH^vL(jF*VgM&@Xe2O80X1*3PJOa`(#g%}2K_Ke;f|Cr}}yJgFo-Hz%XY(OEyy zINik9sH&nk+pE&g*D>EUGe6Kb(#<3{L_Z|d(3Q)iEH}z6-6cvt$*tI@tT?2gz&O=C zF)u$f&pV ssh-ed25519 Iy+0iw rpRn2BgDtK3p1tHofUH/nCEwRh4z7rjAwLbvbhCTSkg +6ZiVqx6pNZyYmhsDhZh3YG6+LKiRsnuWMfN8KzJLyhw +-> ssh-ed25519 ocqiLQ AguX30lc6+1ckV3ENiHhboGyNyf2pN0hqIytsTAjwz4 +rAGWhtuROHn8p0eAGEKS6Xp+PyYmpbw2EbdadbfJxt0 +--- WA9Zus5yXPXPD+TiHyUlEIqozmvhAxWQTE6s2olZ1fs +2*8ց3g E(+w[