25 files changed, 231 insertions, 0 deletions

diff --git a/ops/secrets/.skip-subtree b/ops/secrets/.skip-subtree
new file mode 100644
index 000000000000..80f63816f5ba
--- /dev/null
+++ b/ops/secrets/.skip-subtree
@@ -0,0 +1,2 @@
+The Nix configuration in here is read by agenix and not compatible
+with readTree.
diff --git a/ops/secrets/README.md b/ops/secrets/README.md
new file mode 100644
index 000000000000..e59b86541335
--- /dev/null
+++ b/ops/secrets/README.md
@@ -0,0 +1 @@
+TVL's deployment secrets, encrypted with [agenix](https://github.com/ryantm/agenix/commits/main)
diff --git a/ops/secrets/besadii.age b/ops/secrets/besadii.age
new file mode 100644
index 000000000000..b78f02da8fce
--- /dev/null
+++ b/ops/secrets/besadii.age
Binary files differdiff --git a/ops/secrets/buildkite-agent-token.age b/ops/secrets/buildkite-agent-token.age
new file mode 100644
index 000000000000..35e592ee51e1
--- /dev/null
+++ b/ops/secrets/buildkite-agent-token.age
@@ -0,0 +1,14 @@
+age-encryption.org/v1
+-> ssh-ed25519 dcsaLw ZJlRpsGtBnu7qtonHrIKyxDuACwAn9Z4Ad8YTvOjyWQ
+TsBnCAtRF3lJOI3LW0x8cpJ0Ir+51myqwGCubBEEihQ
+-> ssh-ed25519 CpJBgQ Hr5JZFUsFLFX49F4qvc8ZS4Zz/rrETCl4V4uDtoxHgU
+IP8wOvr0mhyc56WLZhtEU9QXd69k8gRK3oWzxs5nyH4
+-> ssh-ed25519 aXKGcg yl4A7utB4cm5Wy8QXvPB0u6bmeRTGu2iOS2BIY+XWiE
+lQZFYlbSOHZV5+aZlxixKcb7qQ6cWtBbkahBS4TRSq0
+-> ssh-ed25519 OkGqLg esgNILaiQxhHVMgPNmyzFPhvjL5m3tY1PdvdzrZhtGo
+kNH1ng583BphHjSgSUdzIpy6gYDYjjbQC2rmcGJY5gU
+-> M,-grease y}:Lz[#F iM :l 2P7"r)!
+MUDSRsvwDGzejN/obhT6jpmTl7ZHpWEZ4VhRbVDzbG8DsWp/a9Nt+hxlEdQ/eAap
+mh77cYawCsYVFx8
+--- 6hjVqgo4RHJupqYhROm1lW2ZpWTH/5K20jfNe69Nc+Q
+��`�k�����9�6G`���g7Ku
#����;�#;dĹR����Ϝ�ÙlJ��T���ˎ�%�~ʲČA���k��=
\ No newline at end of file
diff --git a/ops/secrets/buildkite-graphql-token.age b/ops/secrets/buildkite-graphql-token.age
new file mode 100644
index 000000000000..e1c30b785b94
--- /dev/null
+++ b/ops/secrets/buildkite-graphql-token.age
@@ -0,0 +1,15 @@
+age-encryption.org/v1
+-> ssh-ed25519 dcsaLw eGKM1q69QdToZ9wbtsdAgAfGHOsVrc/IJ4IFbHfoeAA
+eogaENxdhqW/2H+FM7SPWgN1UcXPzUTx3tYiVU9K8Rk
+-> ssh-ed25519 CpJBgQ v00XK32Div5ddrWPdzjv5ZFPECtW14rPv3G6iFvXUFI
+OQAJaolWVUiVXTK14b9Q5ZTYR4YQL2e6Ye5TY4Xxq0Y
+-> ssh-ed25519 aXKGcg ieOvBBSHPSP7k05I5unpRn6+S4K9NfRqwUb5s0XM0js
+z8Q+psAM7Zj02M7m3KNNjSTLmiLH9S+nOzQE5xz1nr0
+-> ssh-ed25519 OkGqLg OKzXlZJyHE73V36WVZ2KhvFhif3HZtZDjjBBv5g3hyA
+ilL9pohUoCXfNi1jLekPx35Iu3dGOBAe1H2JFXrKHTU
+-> VQDa2-grease 'HsH ^-&
+YuO3YgYZ3Q1CjlIayGFg1Y9zplKgzqR0mZeZlyaOJDMHDrWSOaWRPXjFVU/s2EvP
+MECrypRbNRaHEdPSY7udi1q5cVBPNj3Dci5uiq9t
+--- HKTtOZJq9MSAhr3x1eUhk6yFJU3y7TCPilXPhMNfbwA
+1�0��?��a�������9���4�bWyӌ��
+�jb��n���6	Pp�՚��l�'Y�Fy���
\ No newline at end of file
diff --git a/ops/secrets/clbot-ssh.age b/ops/secrets/clbot-ssh.age
new file mode 100644
index 000000000000..ab51ccc68e20
--- /dev/null
+++ b/ops/secrets/clbot-ssh.age
Binary files differdiff --git a/ops/secrets/clbot.age b/ops/secrets/clbot.age
new file mode 100644
index 000000000000..c44c77f58322
--- /dev/null
+++ b/ops/secrets/clbot.age
@@ -0,0 +1,14 @@
+age-encryption.org/v1
+-> ssh-ed25519 dcsaLw sjFTLxJ9JArZ/GU/R/hqRVgX73x3sDO4uNdVrRrZpXE
+cbMS1tn4+diLX4Hf1Pe0XBYvJH5G3ueZIIA+3KImq3Y
+-> ssh-ed25519 CpJBgQ 3yeOIq2DxFqr8NW4VpdaUVoEmwvQayWThPzoMo9UCmY
+xLyNilVdqXZ6WjAbT9NDFIssFc4564C/13z4w8WGnpU
+-> ssh-ed25519 aXKGcg peKlfil+osni6uHra2unBeQM5MBeK9TVmBg3BpozVy0
+KsKJ5yQQFWGbuiANV8uOck3sSIW82v/JKqLEuLJRsAo
+-> ssh-ed25519 OkGqLg Jo5YHWYNkou8JIBKrSrRJBG1VMdStmDqe/S62hdo+Ac
+U5zaBxJ6TKsuaB3vKS7+03vBJLe+nAWMZ6fSlwF+VQs
+-> 8SA_}x-grease
+J/zFiD0MDxVK5FDCv4fmA6sawl8gQZcPg0h1NunSjVnBUPNXx9FZylONpu9M56y8
+Z2JJ
+--- bR5Pl8ZiMNPIgx/n6ozwOkikLE9E6GWEK2SVIMUlbvI
+g�y�x_�������n�2�	uT��Z���R��G��7,i��S%ZS�K�Qd�.`��,y(�Y�n�9c�����	�
\ No newline at end of file
diff --git a/ops/secrets/default.nix b/ops/secrets/default.nix
new file mode 100644
index 000000000000..43f2a738bb6b
--- /dev/null
+++ b/ops/secrets/default.nix
@@ -0,0 +1,3 @@
+args:
+let mkSecrets = import ./mkSecrets.nix args; in
+mkSecrets ./. (import ./secrets.nix) // { inherit mkSecrets; }
diff --git a/ops/secrets/gerrit-queue.age b/ops/secrets/gerrit-queue.age
new file mode 100644
index 000000000000..68dd1e7e2e04
--- /dev/null
+++ b/ops/secrets/gerrit-queue.age
Binary files differdiff --git a/ops/secrets/gerrit-secrets.age b/ops/secrets/gerrit-secrets.age
new file mode 100644
index 000000000000..02a3c66b5369
--- /dev/null
+++ b/ops/secrets/gerrit-secrets.age
Binary files differdiff --git a/ops/secrets/grafana.age b/ops/secrets/grafana.age
new file mode 100644
index 000000000000..ad503dc32a8f
--- /dev/null
+++ b/ops/secrets/grafana.age
@@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 dcsaLw CrJGrkztUpn+XkED1hn4Clr/oBNrer9J+/fdqDhgx18
+VWENh02k4HTkhDS2F219vrCUVuxXFOCPsCW+8eeZHs4
+-> ssh-ed25519 CpJBgQ 8Lm14o93CEh/aerPtMiStKYtqF/HdgJD05uRRegLgUs
+b0H5XBOe4nepmGzl646Ar0XAazzHAJeTLCCGUVaZyW0
+-> ssh-ed25519 aXKGcg SKWLHNM0WeFJoGlOPbI6v7CebdSK3qAmQ6kMW5YbIz4
+kQD7Oh9mQeCXyXzOc1kVI8ShE0J89TzuZBOboaQn7sE
+-> ssh-ed25519 OkGqLg ablfqKN1GYY3GWGCHGtciRFJwO4e0kbcS75Kaj+elUA
+PQPeRVzV/Yi0lxI7U+lNbCpeatymazj7GjQLhmL4YI8
+-> gse~-grease
+I9X7cHnmfbsnu/4AeVVtTRlbguJDylrAlCOqTOt11Gtg/Ft2fnZZTOmsKo8
+--- 3xk3ls7SR7s394FtfqLwxgUDjTPMjnhLz79ClvIm4pE
+
�yF�z���H�������*M��\�26I`ko΃�&ba�W��vM���.����j�����F�;Z��N��*�P�
�_J��c�_��(�S�j�d��8F�
\ No newline at end of file
diff --git a/ops/secrets/irccat.age b/ops/secrets/irccat.age
new file mode 100644
index 000000000000..5a45efa7ccdf
--- /dev/null
+++ b/ops/secrets/irccat.age
Binary files differdiff --git a/ops/secrets/journaldriver.age b/ops/secrets/journaldriver.age
new file mode 100644
index 000000000000..e9c182b7af5f
--- /dev/null
+++ b/ops/secrets/journaldriver.age
Binary files differdiff --git a/ops/secrets/keycloak-db.age b/ops/secrets/keycloak-db.age
new file mode 100644
index 000000000000..5942bf24c2e6
--- /dev/null
+++ b/ops/secrets/keycloak-db.age
Binary files differdiff --git a/ops/secrets/mkSecrets.nix b/ops/secrets/mkSecrets.nix
new file mode 100644
index 000000000000..c99130835f15
--- /dev/null
+++ b/ops/secrets/mkSecrets.nix
@@ -0,0 +1,27 @@
+# Expose secrets as part of the tree, making it possible to validate
+# their paths at eval time.
+#
+# Note that encrypted secrets end up in the Nix store, but this is
+# fine since they're publicly available anyways.
+{ depot, lib, ... }:
+
+let
+  inherit (depot.nix.yants)
+    attrs
+    any
+    defun
+    list
+    path
+    restrict
+    string
+    struct
+    ;
+  ssh-pubkey = restrict "SSH pubkey" (lib.hasPrefix "ssh-") string;
+  agenixSecret = struct "agenixSecret" { publicKeys = list ssh-pubkey; };
+in
+
+defun [ path (attrs agenixSecret) (attrs any) ]
+  (path: secrets:
+  depot.nix.readTree.drvTargets
+    # Import each secret into the Nix store
+    (builtins.mapAttrs (name: _: "${path}/${name}") secrets))
diff --git a/ops/secrets/nix-cache-priv.age b/ops/secrets/nix-cache-priv.age
new file mode 100644
index 000000000000..4a16897eb2c6
--- /dev/null
+++ b/ops/secrets/nix-cache-priv.age
Binary files differdiff --git a/ops/secrets/nix-cache-pub.age b/ops/secrets/nix-cache-pub.age
new file mode 100644
index 000000000000..692d86901526
--- /dev/null
+++ b/ops/secrets/nix-cache-pub.age
@@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 dcsaLw 2wWiYCk+TcJdGdiT+YWVvv1FZ28EJYykwseyiZ9pkzs
+AMvMQQsWe3nar2TQM+wcyD2PEKlE9PeSx8G2ufJzEzI
+-> ssh-ed25519 CpJBgQ SpGruCznXleG0wmFMUTGJf7VNGKLEYqeQb/mv+axKxM
+SL4MTYEiOFgp6+90Fp3QFnSzFUfMWxNF2OHdH3Q+uy0
+-> ssh-ed25519 aXKGcg wWO1kn2tUlBZoMFsO1JrVhyqJCfv1BNhoVfKBwfidmA
+A3PAoWzbJWSlIKxGYsUEvuwRbDvRTjZYUdeSi+LQa1M
+-> ssh-ed25519 OkGqLg 2usxSwcnF2tZbJt6R7M+psTSW2M5HcZgr51t47D01GI
+HVGRSasPX9/I9E9oZhhMd6hVK/ga3n/UYzRAe2CjRqI
+-> /oh-grease v* Qu8SiS 2
+5dc
+--- 59MLx4Yl2G9G8QjEp+gOrKBPjCqm/ntgg8guQICu/x0
+�`�	8DJ�]�s�P�ݱRwa!�7k47<i:'?)���թ�����
�S�}�R�op)�_wIKp�:��S�5�0k��	��j��
\ No newline at end of file
diff --git a/ops/secrets/oauth2_proxy.age b/ops/secrets/oauth2_proxy.age
new file mode 100644
index 000000000000..baddeef1e369
--- /dev/null
+++ b/ops/secrets/oauth2_proxy.age
@@ -0,0 +1,14 @@
+age-encryption.org/v1
+-> ssh-ed25519 dcsaLw 3vCzURGgzn7i3pZp39oSfYy1F331qBDewFgjocK4/nE
+doccb4CZhyrA7jvbuG3i8nowApVGKWfIejJjLeXnb9Q
+-> ssh-ed25519 CpJBgQ 4KovCGvA0cBvEkhfyantUCny49hTu4L038xj/ZG2lCg
+o9iaan7jKGYukS4IiTVLV5YqjiycaWyPXyo3x6k8Jhk
+-> ssh-ed25519 aXKGcg stGJqj37f0E6S0qJW/r/cYXIoT+l4ERG0c/CMckpS28
+aNP2LcrFe9wLB1dnbJjoUTa8ckpMbR3cJtltDn/8st8
+-> ssh-ed25519 OkGqLg UK89eEeI/SOWUaR4jg4rDuKFOkzsf6PgNkcphUCoyj8
+o3WFOhB0B2T1F8mxb5qw25S4r9bYyc4tqwLb/iK0TAY
+-> ZcBt-grease P*F$|]1G *a9 ^dTv-Whe K`GVU
+mwq98CjcnoinoAsGUM2PolGrXBZhs9jbUQB8qEAZ7Qtzd6z6BjGoPGr4bjokZQ08
+RwOx9jBmAAFaW9Ak5JX9RBvxu/IIz6xVmQ8a8ev95tA
+--- ShfGC5iYYwDC5fXRkZV9Oh1aHJONbdR1EaAp+lrKWUE
+���t�~E�V�
�/֖�E}�_�H��R�7�PsSw>½��Zo�D`n)�ݷK,T}
�'F�[�S�Ky�7m"�E�G3�"����lj倕��^b[��M�lf�p��X�C���]�!N]m����
g���0�����!�g��1����Y��X�
\ No newline at end of file
diff --git a/ops/secrets/owothia.age b/ops/secrets/owothia.age
new file mode 100644
index 000000000000..845252dd1d4a
--- /dev/null
+++ b/ops/secrets/owothia.age
@@ -0,0 +1,15 @@
+age-encryption.org/v1
+-> ssh-ed25519 dcsaLw ZV01yZa6uSpirIxPgW8fLJ3lI/RRb0tRObGey3zlgGE
+cu64HZYAxEL0qbUKcQEGzzQpwkAvXwp6NYYGaoHNwPw
+-> ssh-ed25519 CpJBgQ +NoCEPUKCscQxZLdjFI5YwWNiQuj8klra4AceYAOR1A
+xhNGia9flgRDn2QNsklyotwU7nJ9elXV8jMkT8XfUEA
+-> ssh-ed25519 aXKGcg MsimFAWS4vN6exoeKA2PVin+82QXzt32oS9iei6f4l4
+i+ph/HZ6a5f9QWorgwt0RFvmV4E4HpGSmkZAqdXhZ68
+-> ssh-ed25519 OkGqLg zLXi3YNberKHC7b/La1FdrLgLowjB4wovnXo/ayqeQs
+dYIN5zvmbMsN5yjhVrccjwYqXJHV9zcEJCjTnMIs55g
+-> FlqGql'-grease
+g+GgOSpwwnqLywaY4h9wMA2h7buTMM8vYEufiyTOOOSD7ljq1cgBePAoCFluW8UW
+8SDabs5WTRYgqqDnzVkx9V3JeIWJrfiKQj9coLZ1Crx5+YRD9r766eGEvHOC5eat
+432j
+--- V/bZkitOabEh8PO3J8dmv/IgycQOF5CmMvGTsHTdmlo
+���7(��t�N����F��g��ʿZ�&oo�,Ʀ�Q1�(^乍�K}W��14�)��D@׏�����Y���Yi
\ No newline at end of file
diff --git a/ops/secrets/panettone.age b/ops/secrets/panettone.age
new file mode 100644
index 000000000000..a8a176fb13e8
--- /dev/null
+++ b/ops/secrets/panettone.age
@@ -0,0 +1,16 @@
+age-encryption.org/v1
+-> ssh-ed25519 dcsaLw lFE6Oxzl0jaGpmfxEzmvywEyxsmPNfhv+NNR95XGiDI
+NJhZ6KFNLcScSR5iNB5IAL4UqWzort+jWypbKQPsxu0
+-> ssh-ed25519 CpJBgQ 7sMqCFUdss274yNWtYbXe+l7oevKaR99d6E7c4LWtjg
+rqwEyv2dT07qd87suVZxk+8+bmA2W6MFkoG8NktRRbY
+-> ssh-ed25519 aXKGcg 9/0QlqFKxPVwjwagBTWHdhJXWWYXn0v649ZhmzpUxWc
+pMs+PoMRi3FghN2odcBQ9tpE+0Mb/jaErnOnuuoq4sw
+-> ssh-ed25519 OkGqLg Is/FQ/8s+oq+qThcwOdnAgCrZX/kNBLc0Cwpvi2NMwk
+Zf31SwMF/fyBd1d899GPv8Z8A8GSBy5xuG4d8zL9Zz0
+-> wyU-grease Dzk;3o # ,q\WtGwI
+PoJGe6Xlhl47AhFLxM4HLaEYAqcx9lzodHasyZ1AH0BtdSFYT92cYw/1rSNWheTk
+YedxiXNrosw
+--- tJE6XbPtWlMYKHItyPlThcnLnmp/9AS1muhfgDosTCk
+$;� !���?;
+�b���H�}�����fx�Q��ͤd�a�ꈇK7���1O�Uӳ<����	��y8�mf���V�~�JҪ��Z���0��|��tN��[�O�;�2;/��3)v�GP%���J0�Y%���d�[1��k/�+�
+�
\ No newline at end of file
diff --git a/ops/secrets/secrets.nix b/ops/secrets/secrets.nix
new file mode 100644
index 000000000000..392abecde71b
--- /dev/null
+++ b/ops/secrets/secrets.nix
@@ -0,0 +1,42 @@
+let
+  tazjin = [
+    # tverskoy
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1fGWz/gsq+ZeZXjvUrV+pBlanw1c3zJ9kLTax9FWQy"
+  ];
+
+  grfn = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMcBGBoWd5pPIIQQP52rcFOQN3wAY0J/+K2fuU6SffjA "
+  ];
+
+  sterni = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJk+KvgvI2oJTppMASNUfMcMkA2G5ZNt+HnWDzaXKLlo"
+  ];
+
+  sanduny = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOag0XhylaTVhmT6HB8EN2Fv5Ymrc4ZfypOXONUkykTX";
+  whitby = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNh/w4BSKov0jdz3gKBc98tpoLta5bb87fQXWBhAl2I";
+
+  whitbyDefault.publicKeys = tazjin ++ grfn ++ sterni ++ [ whitby ];
+  allDefault.publicKeys = tazjin ++ grfn ++ sterni ++ [ sanduny whitby ];
+in
+{
+  "besadii.age" = whitbyDefault;
+  "buildkite-agent-token.age" = whitbyDefault;
+  "buildkite-graphql-token.age" = whitbyDefault;
+  "clbot-ssh.age" = whitbyDefault;
+  "clbot.age" = whitbyDefault;
+  "gerrit-queue.age" = whitbyDefault;
+  "gerrit-secrets.age" = whitbyDefault;
+  "grafana.age" = whitbyDefault;
+  "irccat.age" = whitbyDefault;
+  "journaldriver.age" = allDefault;
+  "keycloak-db.age" = whitbyDefault;
+  "nix-cache-priv.age" = whitbyDefault;
+  "nix-cache-pub.age" = whitbyDefault;
+  "oauth2_proxy.age" = whitbyDefault;
+  "owothia.age" = whitbyDefault;
+  "panettone.age" = whitbyDefault;
+  "smtprelay.age" = whitbyDefault;
+  "tf-glesys.age" = whitbyDefault;
+  "tf-keycloak.age" = whitbyDefault;
+  "tvl-alerts-bot-telegram-token.age" = whitbyDefault;
+}
diff --git a/ops/secrets/smtprelay.age b/ops/secrets/smtprelay.age
new file mode 100644
index 000000000000..166d2638e1e8
--- /dev/null
+++ b/ops/secrets/smtprelay.age
@@ -0,0 +1,14 @@
+age-encryption.org/v1
+-> ssh-ed25519 dcsaLw xcNp0GhoE++itBIAUi+0OIKlLENHGqklq02/YGQbH0A
+34OgtbXFlhvjYJQI8zysSKdZiK7FBKn+lunvR1TWYrE
+-> ssh-ed25519 CpJBgQ RSWDjIWDt3nbVmvOusrkmy8K+A15Fph/ApbbBw5L7VA
+mP+nnsLaVkeMAAMJ8nsBq4CAw66lVF87bmvGMmsT55A
+-> ssh-ed25519 aXKGcg YBiyBkcEWP+5m8fTHPWlGKTfyN92gfhJQkmAxJ3Zei0
+dnnJmSII9wmPJ1jL8s8COPjxoIip4HwWPpmK5jNNlcE
+-> ssh-ed25519 OkGqLg 1A5xPUHzoN+lXYlwKlbV42JCI1l361IyyllZ2HmxGCc
+Mi8igtdp0yFEM6lfiT/PqtA6+KWwqS5EWkmtKS+JBWk
+-> ]3/,-grease Fj#1m Vq3REqK
++sNTJq8Vdns
+--- y1d0IBqYwo/ABm9XOEQG26UA7NtTg+8mg/QLtPyMLwc
+O�t��X�OW +]+�7|�D�|n#��pP�S�a�ݔ#��}v2��bM�����v�?V��� �9�B˱�}�v�M����
+�Uv�Mq��@�I
5m��Nx
��
\ No newline at end of file
diff --git a/ops/secrets/tf-glesys.age b/ops/secrets/tf-glesys.age
new file mode 100644
index 000000000000..53aa5e1acb03
--- /dev/null
+++ b/ops/secrets/tf-glesys.age
Binary files differdiff --git a/ops/secrets/tf-keycloak.age b/ops/secrets/tf-keycloak.age
new file mode 100644
index 000000000000..ddc477b21a18
--- /dev/null
+++ b/ops/secrets/tf-keycloak.age
@@ -0,0 +1,14 @@
+age-encryption.org/v1
+-> ssh-ed25519 dcsaLw gvGXpwn8HNlihpVLJYZjYXhG/4BZEYl+0K1Ssa2AxQ8
+NPUvQBTbB3SeXVn8UZ2F0Plf4/JcFWlqY8+GYou1juY
+-> ssh-ed25519 CpJBgQ eg5lnSlBt+dB+shFKK2f+NRgoHTPLxhQkj+Mzfb4yQ4
+KQ1vgSElo+WWHz8JeyxLNbPGGPyV9yRZjxvepzZvsLY
+-> ssh-ed25519 aXKGcg EASpT9L2vhGCK4Vv8wupTl2/RQROrhuQGqTQT1X2y3Y
+cqyOSnmyJ63UmPO8ck/aeGq5LaoJjBAnshNl8582m4c
+-> ssh-ed25519 OkGqLg wcYKXhHD3NJCFZhPxouufaj8pNzyUlXYfaUMZ8A7Y2o
+kQOH5xBYg0BWI3s8glbSe7cSW0ExV+UPi8XCJKPcO1g
+-> 1OJ-grease m&\ `{=h?y l;&SteqI
+Wr+SeswiW4qeYWkZaZFJzp1dmmU6iDPCapV+DVuY0HMmfIBE2nPcqN4RbiwYYWJj
+Syth+aJoaxZCweA
+--- uiwC00V7k3Bf0e0ie6q/MZzVRCr4EGZFi2XBOpOiG8k
+Yh��a�[A�wˆPi��Ixu�Yނ�1���䀒�w�^qZ��WZ�E(�Ҩ�'��|/���t��K��S-�����$Yy��_V7ð7ڷ��LP%f�4��[{+ҏWfw�s�]e��74O��_�8��lE�;}�+�BQ�o�����d��ܨ�:`?��'�k@��õ8���l��}l�1�o�Gd������B���Xh*v��o�f?��T�
\ No newline at end of file
diff --git a/ops/secrets/tvl-alerts-bot-telegram-token.age b/ops/secrets/tvl-alerts-bot-telegram-token.age
new file mode 100644
index 000000000000..6add74e57c88
--- /dev/null
+++ b/ops/secrets/tvl-alerts-bot-telegram-token.age
@@ -0,0 +1,14 @@
+age-encryption.org/v1
+-> ssh-ed25519 dcsaLw mz2ZilWD6wvCeSOEw9PRWreOovcUGk59bDo3ypDTBHs
+jNMQEZ6KTazpJjnHZAiyja55AD99yiF+3yc+7tBqeBQ
+-> ssh-ed25519 CpJBgQ FnhG7HRnZqu2WUtswvP2VKWyhiS9k8COhxd5Vm9rDmA
+0JcNRDChw4j/vhpGErre76BkNNbc7i1XzMfa/MQg6Qc
+-> ssh-ed25519 aXKGcg GPEcxdz1c6JW2YhPa2+49/Z6hwUFvIRv1aQ+Y7XrZjs
+8Bgorgwfb3LnOyurVzfbP5b/hjZTO/67HRP+Bl9R3LY
+-> ssh-ed25519 OkGqLg QSZuPfaqhg+dlBo8ln4Gwjc1mQaclAcM4D73hRR82h4
+3S0tpChYzsZaJi1qYjtlZl06sx36nnBmtRoDDtKEq5k
+-> :x*W.Otm-grease F W=&\fK xa
+w0HSWYEFhLW1BnlCddL/5643ar0JV7HBYOwSVJaAnCWBFpw8qGn3STkCAaH9yDqd
+MTfi6XmQxW8nlbI6WN8HjMHf+lLS09s2QQZC
+--- +va/S94k2aWpSaGLXK7erGKh85NzZlARsNwznhrVhIQ
+`�QOD`��he�b��׊%js��t���z�#��@&���A��"j]�U
�G'��̞��Aⵁb�B�SWf��q~��6
\ No newline at end of file