From 4df09fe46254e3fc4cf90f1cda8925f40591014d Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Fri, 6 Feb 2026 13:10:41 +0100
Subject: [PATCH] feat(sops): add encrypted secret key for Searx integration

- Introduced a Sops-encrypted `searx.yaml` file containing the `secret_key`.
- Ensures secure management of sensitive data for the Searx service.
- Configured multi-recipient encryption to maintain access flexibility.
---
 .secrets/sgx/searx.yaml | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 .secrets/sgx/searx.yaml

diff --git a/.secrets/sgx/searx.yaml b/.secrets/sgx/searx.yaml
new file mode 100644
index 0000000..9201855
--- /dev/null
+++ b/.secrets/sgx/searx.yaml
@@ -0,0 +1,34 @@
+secret_key: ENC[AES256_GCM,data:zmWocem3U+sKsbi0Sv11bnnwKQ+rGi9Whuxz7w==,iv:r0jc0waNSUk6CYVJ3143fvWxByzYseuSJyuZ+Q7Mhqg=,tag:M/TUsI460fO8qVOPD5rhEA==,type:str]
+sops:
+    age:
+        - recipient: age149fqcw5jze00vd7jauylrp4j5xyv7amlu57jjfuzghkqtzlnxajs704uz3
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHWWZ5Uk1tUHQzZi9ONFFP
+            QndZQnJjRHRjSkRPRFpXYS8rb2RUV1QxRlJnCk51TXFFWjA0OVpFaUJJanEwaStL
+            cHJGWWZTb0R6VmFWVjVyamowNlI1ZEkKLS0tIElQZGdVTURPWE80TU0weUg3NGhy
+            MkFpdElvcnp0eStXbkx1TnpGd0V1TTgKtbFGJAZoMRyStbBbCciiHeIQR3aB0oyx
+            T0PvyZ4Hl25cywtYvJlyqKf9Xw+HP+Js5OwnSrX4xPrskxPTT+hYWA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaWDFFNWtkWlRyNUNqWU43
+            NFY5dVFxSFRxSzR0VVBnN2RrMnl3NXJXNlhzCnplcVVYaEl0TjRKK0F1RTRaKzJH
+            eDkvVExLem1FM2IrN3oyQkc3SnFlNU0KLS0tIEFYTWRFVkVBeS9UMjRDTTJFekZD
+            WE1FWUs3SUtjdTIwbEhDajU0bThYTUUKlPvZ0RZWvxvwFhtFsr+RlDHNlgwVrr1H
+            PKlWwphomA40SvIQ3ge7g6hZYbfVZRknu8FSd5mB5C/KNNpql+p1MQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1cpm9xhgue7sjvq7zyeeaxwr96c93sfzxxxj76sxsq7s7kgnygvcq5jxren
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDMzl1Vnh1Y1V0RHRhUHZp
+            a1JacjZvOVpVb3p1R3FuWlFqSWJhanZGWUdjCnlVeWFJUmZwL2lMdnltdisrajd1
+            WVVYVndGLzBacEdDQlBjY1dpdGk2NEkKLS0tIGhHaG5hYnQ3NDVjc0ZmQndxbUw3
+            UUliOTAzQ204UFhFQmNxMEk4OGpDem8KcQBGz6FuzVJBTNIvPoyPXI+THANnVlgW
+            HHyMLrtl3dnKdlEjuKrx7PHmSxCy3nYUA6utCQ05i0VnNKK4Jiu6DQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-02-06T12:04:55Z"
+    mac: ENC[AES256_GCM,data:vRYIgWgORVnB6fZm54xWnRLWx/8BmiHEOCZU0LXKeH9bA66WppzmuX9DN+v/1U7CvxnsF0uo5xc9gBB4iby+ToMB4oxXCuu1fRbDev49EFPjUJ3xyKW8eb87mepoOirVEFbc71v7V1EVYMBL9KGHPgErPGTU6fXOsF66Ua3mxgw=,iv:Atk7X1pHvmvWeXJFaYRZYvEYEDaseQ0VD0Ct9FM1Mfc=,tag:wYtgYqUWhmSOxe8NzBmrog==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0