UNPKG

@sebastienrousseau/dotfiles

Version:

The Trusted Shell Platform — Universal dotfiles managed by Chezmoi. Features Bash & Zsh for macOS, Linux & WSL. Rust modern tooling & enterprise-grade security.

dotfiles.io

sebastienrousseau/dotfiles

27 lines (19 loc) 907 B
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
--- render_with_liquid: false --- # Automation Secrets ## Required secrets | Secret | Scope | Purpose | | :--- | :--- | :--- | | `ACTIONS_BOT_SIGNING_KEY` | GitHub Actions | SSH private key used for signed automation commits | | `GITHUB_TOKEN` | GitHub Actions | GitHub API access for PRs, attestations, and scans | ## Required local variables | Variable | Scope | Purpose | | :--- | :--- | :--- | | `HOMEBREW_INSTALLER_SHA256` | macOS bootstrap | Verifies the Homebrew installer before execution | | `CHEZMOI_INSTALLER_SHA256` | Installer | Verifies the Chezmoi installer before execution | ## Provisioning notes 1. Store the SSH signing private key in GitHub Actions as `ACTIONS_BOT_SIGNING_KEY`. 2. Store the matching public key in [allowed_signers](/home/seb/.dotfiles/dot_config/git/allowed_signers). 3. Rotate the key on personnel or workstation change. 4. Fail closed when secrets are absent.