Encrypt secrets for all machines and admins #32

New issue

Closed

opened 2024-01-08 19:37:15 +00:00 by pim · 0 comments

pim commented 2024-01-08 19:37:15 +00:00

Owner

Copy link

Currently, secrets are only encrypted for the host they currently reside on. This is not very portable: if we want to change the machine they are deployed on, we need to re-encrypt them. Also, currently they can only be edited using the private keys of each machine. It would instead be desirable to encrypt each secret for each machine and each admin. Then, only deploy them on each machine when necessary.

Currently, secrets are only encrypted for the host they currently reside on. This is not very portable: if we want to change the machine they are deployed on, we need to re-encrypt them. Also, currently they can only be edited using the private keys of each machine. It would instead be desirable to encrypt each secret for each machine and each admin. Then, only deploy them on each machine when necessary.

pim referenced this issue from a commit 2024-01-08 20:47:09 +00:00

encrypt secrets with all machines' and admins' public keys

pim closed this issue 2024-01-08 20:47:09 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

headscale

nix-snapshotter

No results found.

Labels

Clear labels

  

Bug

  

Enhancement

  

Investigate

Investigate the utility or feasability

  

Long-term plan

  

New feature

  

New service

A potential new service that we would like to host.

No labels

Bug

Enhancement

Investigate

Long-term plan

New feature

New service

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: home/nixos-servers#32

No description provided.