this post was submitted on 19 Jun 2023
3 points (100.0% liked)

nixos

1262 readers
6 users here now

All about NixOS - https://nixos.org/

founded 4 years ago
3
A pure way to manage secrets? (beehaw.org)
submitted 1 year ago by bici@beehaw.org to c/nixos@lemmy.ml
2 comments fedilink hide all child comments
 

I use agenix for managing some secrets on my nixos-configs. Agenix deploys the unencrypted secrets in the live system, so the secrets cannot be accesed when evaluating the nixos config.

Do you know any way or hack to have secrets inside of nix expressions?

It would be great if that solution would be pure and compatible with nix flakes.

Thanks :)

top 2 comments
sorted by: hot top controversial new old
[โ€“] rycee@lemmy.world 3 points 1 year ago

The only way I know of for this is to use something like git-crypt. You can, for example, have a secrets.nix file that is encrypted in the repo but unencrypted when you do a checkout. This is trivially compatible with Nix Flakes since the file of secrets actually is in plain text on your system.

[โ€“] Atemu@lemmy.ml 1 points 1 year ago

Question is whether you want that because that'd likely embed the secret into the .drv files.

What do you need that for?