Create and copy the following content into your `.sops.yaml`. Replace `YOUR_PULBIC_AGE_KEY` with the public key that you can find in your previously genereted keys.txt.
> [!NOTE]
> Do not change the indentation!
```yaml
---
creation_rules:
- age: >-
YOUR_PULBIC_AGE_KEY
```
## talos secret
Generate and encrypt your new talos secret.
```bash
talhelper gensecret > talsecret.sops.yaml
sops -e -i talsecret.sops.yaml
```
> [!CAUTION]
> Do not update or change `talsecret.sops.yaml`.
## talhelper environment vars
Create and encrypt the talenv.yaml to store sensitive data used during `talhelper genconfig`
```bash
vi talenv.yaml
sops -e -i talenv.yaml
```
## talhelper genconfig
The command `talhelper genconfig` will create a `.gitignore`, `talosconfig` and `CLUSTERNAME_HOSTNAMEs.yaml` under clusterconfig.
> [!CAUTION]
> The `.gitignore` contains all genereted files from `talhelper genconfig` because those files contain unencrypted secrets.
Create a talconfig.yaml. Take inspiration from the [talhelper template](https://github.com/budimanjojo/talhelper/blob/master/example/talconfig.yaml) and the [configuration parameters](https://budimanjojo.github.io/talhelper/latest/reference/configuration/).