# How to Use SOPS

SOPS is an important aspect of this operating system. Learning to use it is important for security and modularity.

It is **important** that you do not lose the `private key`, as it is irrecoverable.

To get started, follow the instructions below.

1. Create a folder.

   ```sh
   mkdir -p ~/.config/sops/age
   ```

2. Generate a private key using `age`.

   ```sh
   nix-shell -p age --run "age-keygen -o ~/.config/sops/age/keys.txt"
   ```

   **...OR**

   Use `ssh-to-age` to convert `id_ed25519` to `age`.

   ```sh
   nix-shell -p ssh-to-age --run "ssh-to-age -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt"
   ```

   There are other ways of generating a private key. Refer to [sops-nix](https://github.com/Mic92/sops-nix).

3. Get a **public key**.

   ```sh
   nix-shell -p age --run "age-keygen -y ~/.config/sops/age/keys.txt"
   ```

4. In the same directory as `flake.nix`, create `.sops.yaml` and paste the following.

   ```yaml
   # This example uses YAML anchors which allows reuse of multiple keys
   # without having to repeat yourself.
   # Also see https://github.com/Mic92/dotfiles/blob/d6114726d859df36ccaa32891c4963ae5717ef7f/nixos/.sops.yaml
   # for a more complex example.
   keys:
     - &admin_alice 2504791468b153b8a3963cc97ba53d1919c5dfd4
     - &admin_bob age12zlz6lvcdk6eqaewfylg35w0syh58sm7gh53q5vvn7hd7c6nngyseftjxl
   creation_rules:
     - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
       key_groups:
       - pgp:
         - *admin_alice
         age:
         - *admin_bob
   ```

   Adjust it according to your needs.

5. Create a sops `.yaml` file.

   ```sh
   nix-shell -p sops --run "sops secrets/example.yaml"
   ```

NOTE: If you add a new host to your `.sops.yaml`, you will need to update the keys for all secrets.

```sh
nix-shell -p sops --run "sops updatekeys secrets/example.yaml"
```
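
Added example (not part of sops or sops-nix): a shell function that checks that the key file from step 2 is readable only by its owner, which matters when it was written through a shell redirect and inherited the umask, and that its public key is listed in the `.sops.yaml` from step 4. The function name `check_age_key`, its exit codes and the demo files are assumptions made for this example; the secret key in the demo is a constructed placeholder.

```sh
#!/bin/sh
# check_age_key KEYFILE SOPS_YAML
# Exit codes (chosen for this example): 0 ok, 1 key file too permissive,
# 2 public key not listed in .sops.yaml, 3 file missing,
# 4 no "# public key:" comment, so nothing to compare offline.
check_age_key() {
    keyfile=$1
    sopsyaml=$2
    [ -f "$keyfile" ] && [ -f "$sopsyaml" ] || { echo "missing file" >&2; return 3; }

    # Octal mode: GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$keyfile" 2>/dev/null || stat -f '%Lp' "$keyfile")
    # The last two octal digits are the group/other bits and must both be 0.
    case $mode in
        0|*00) ;;
        *) echo "$keyfile has mode $mode; run: chmod 600 $keyfile" >&2; return 1 ;;
    esac

    # age-keygen records the recipient in a "# public key:" comment line.
    pub=$(sed -n 's/^# public key: \(age1[0-9a-z]*\)$/\1/p' "$keyfile" | head -n 1)
    if [ -z "$pub" ]; then
        # No comment in the file: derive the key with `age-keygen -y` (step 3).
        echo "no public key comment in $keyfile" >&2
        return 4
    fi
    grep -qF -- "$pub" "$sopsyaml" || { echo "$pub is not in $sopsyaml" >&2; return 2; }
    return 0
}

# Demo on constructed files; the recipient is the sample key from step 4.
demo_dir=$(mktemp -d)
demo_pub=age12zlz6lvcdk6eqaewfylg35w0syh58sm7gh53q5vvn7hd7c6nngyseftjxl
printf '# public key: %s\nAGE-SECRET-KEY-1CONSTRUCTEDPLACEHOLDER\n' "$demo_pub" > "$demo_dir/keys.txt"
printf 'keys:\n  - &admin_bob %s\n' "$demo_pub" > "$demo_dir/.sops.yaml"
chmod 644 "$demo_dir/keys.txt"
check_age_key "$demo_dir/keys.txt" "$demo_dir/.sops.yaml"; echo "mode 644 -> status $?"
chmod 600 "$demo_dir/keys.txt"
check_age_key "$demo_dir/keys.txt" "$demo_dir/.sops.yaml"; echo "mode 600 -> status $?"
rm -rf "$demo_dir"
```

On a real machine, call it as `check_age_key ~/.config/sops/age/keys.txt .sops.yaml` from the directory that holds `flake.nix`.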