Divided who can provision and who can access the machines

2025-08-22 18:13:31 +02:00 · 2025-08-22 18:13:31 +02:00 · 06536ac58b
commit 06536ac58b
parent 00574c51b3
4 changed files with 13 additions and 12 deletions
--- a/secrets.nix
+++ b/secrets.nix
@ -39,6 +39,6 @@ in
 builtins.listToAttrs (
  map (secretName: {
    name = "secrets/${secretName}.age";
-    value.publicKeys = secrets."${secretName}" ++ keys.infra-core;
+    value.publicKeys = secrets."${secretName}" ++ keys.provisioning-machine;
  }) (builtins.attrNames secrets)
 )