# SOPS encrypted secrets for amzebs-01
# Edit with: nix-shell -p sops --run 'sops hosts/amzebs-01/secrets.yaml'
#
# Required secrets:
# - borg-passphrase: Backup encryption passphrase
# - borg-ssh-key: SSH private key for backup server access
# - mysql-readonly-password: Password for read-only MySQL user (api_ebs_amz_at_ro)
#
# To initialize this file, first ensure the host SSH key exists, then run:
# sops hosts/amzebs-01/secrets.yaml

# Placeholder structure (will be encrypted after initialization):
borg-passphrase: CHANGEME
borg-ssh-key: |
  -----BEGIN OPENSSH PRIVATE KEY-----
  CHANGEME
  -----END OPENSSH PRIVATE KEY-----
mysql-readonly-password: CHANGEME