Improve secret management #81

Closed
opened 2024-04-14 14:53:40 +00:00 by pim · 0 comments
Owner

We now have two keys for secrets encryption: one for nix secrets and one for k8s secrets. Make these depend on only one key. Looks like we cannot use SSH keys for this, only "normal" age keys.

Also, during bootstrap, don't take the hosts' age keys from keepassxc, but encrypt them with sops and grab them with our other methods.

pim changed title from Use sops for secrets in nix to Use the same age key on nix and k8s secrets 2024-04-14 14:54:37 +00:00
pim changed title from Use the same age key on nix and k8s secrets to Improve secret management 2024-04-14 14:56:13 +00:00
pim closed this issue 2024-06-15 20:29:19 +00:00

Reference: home/nixos-servers#81