about summary refs log tree commit diff
path: root/hosts
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--hosts/tahoe/secrets/buildkite/agent.agebin0 -> 450 bytes
-rw-r--r--hosts/tahoe/secrets/secrets.nix7
2 files changed, 7 insertions, 0 deletions
diff --git a/hosts/tahoe/secrets/buildkite/agent.age b/hosts/tahoe/secrets/buildkite/agent.age
new file mode 100644
index 0000000..5f2f551
--- /dev/null
+++ b/hosts/tahoe/secrets/buildkite/agent.age
Binary files differdiff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix
index 01ff035..9eb8188 100644
--- a/hosts/tahoe/secrets/secrets.nix
+++ b/hosts/tahoe/secrets/secrets.nix
@@ -13,6 +13,13 @@ in {
     owner = "acme";
   };
 
+  # see https://buildkite.com/docs/agent/v3/tokens
+  "buildkite/agent.age" = {
+    publicKeys = all;
+    group = "buildkite-agents";
+    mode = "0440";
+  };
+
   "drone/secrets.age" = {
     publicKeys = all;
     owner = "drone";