testnet

xDarksome · xDarksome · commit f90beaf3e9ad · 2025-10-23T15:52:24.000Z
diff --git a/flake.nix b/flake.nix
@@ -80,17 +80,9 @@
 
             solc
             foundry
-          ];
 
-          shellHook = ''
-            alias ga="$(which git) add"
-            alias gst="$(which git) status"
-            alias gc="$(which git) commit"
-            alias gco="$(which git) checkout -b"
-            alias glog="$(which git) log"
-            alias lsa="ls -lah"
-            alias prettyup="cargo fmt --all && cargo clippy --all-features --fix --allow-dirty"
-          '';
+            terraform
+          ];
         };
       }
     );
diff --git a/infra/modules/sops-encryption-key/main.tf b/infra/modules/sops-encryption-key/main.tf
@@ -0,0 +1,47 @@
+data "aws_caller_identity" "current" {}
+
+resource "aws_kms_key" "this" {
+  description  = "Key used for encryption/decryption of WCN SOPS secrets"
+  multi_region = true
+}
+
+resource "aws_kms_key_policy" "this" {
+  key_id = aws_kms_key.this.id
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Id      = "key-default-1"
+    Statement = [
+      {
+        Effect = "Allow"
+        Principal = {
+          AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"
+          AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/TerraformCloud"
+        },
+        Action   = "kms:*"
+        Resource = "*"
+      },
+      {
+        Effect = "Allow"
+        Principal = {
+          AWS = "*"
+        },
+        Action = [
+          "kms:DescribeKey",
+          "kms:Encrypt",
+          "kms:Decrypt",
+          "kms:ReEncrypt*",
+          "kms:GenerateDataKey",
+          "kms:GenerateDataKeyWithoutPlaintext"
+        ],
+        Resource = "*",
+        "Condition" : {
+          "ArnLike" : {
+            "aws:PrincipalArn" : "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/AWSReservedSSO_Read-Only*"
+          }
+        }
+      }
+    ]
+  })
+
+}
diff --git a/infra/testnet/main.tf b/infra/testnet/main.tf
@@ -0,0 +1,13 @@
+terraform {
+  required_version = ">= 1.12"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 6.0"
+    }
+  }
+}
+
+module "sops-encryption-key" {
+  source = "../modules/sops-encryption-key"
+}
