Secret management #4

Closed
opened 2023-10-08 16:14:09 +00:00 by pim · 0 comments
Owner

I need to figure out how to do secret management in nix for e.g. wireguard. All files in the nix store are world-readable (on my machine at least). While I only use this machine for myself, it seems like a bad idea to do. The way it seems to me, saving encrypted files in the nix store seems like an okay idea.

Resources:
https://github.com/Mic92/sops-nix
https://github.com/ryantm/agenix
https://nixos.wiki/wiki/Comparison_of_secret_managing_schemes
https://github.com/jordanisaacs/homeage
Homeage has the best support for flakes and, as of yet, I cannot get it to work without it.

pim closed this issue 2023-10-15 10:32:18 +00:00
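
Added example, not part of the original issue or of the pim/nixos-laptop repository: a NixOS module that contrasts an inline WireGuard key, which lands in the world-readable store, with an age-encrypted file handled by agenix (one of the tools linked above). It assumes the agenix NixOS module is already imported; the secret name `wg-private`, the file path, the addresses and the peer key are constructed placeholders.

```nix
# Added example; names, addresses and keys are constructed placeholders.
# Assumes the agenix NixOS module is already imported and that
# ./secrets/wg-private.age was encrypted to this machine's SSH host key.
{ config, ... }:
{
  # Weak: an inline key is copied into the generated config in /nix/store,
  # where every local user can read it.
  # networking.wireguard.interfaces.wg0.privateKey = "<private key>";

  # Only the age-encrypted file enters the store. agenix decrypts it at
  # activation time to a path outside the store (by default under /run/agenix).
  age.secrets.wg-private = {
    file = ./secrets/wg-private.age;
    owner = "root";
    mode = "0400";
  };

  networking.wireguard.interfaces.wg0 = {
    ips = [ "10.0.0.2/24" ];
    # WireGuard reads the key from the decrypted path at runtime.
    privateKeyFile = config.age.secrets.wg-private.path;
    peers = [
      {
        publicKey = "PEER_PUBLIC_KEY_PLACEHOLDER";
        allowedIPs = [ "10.0.0.0/24" ];
        endpoint = "vpn.example.org:51820";
        persistentKeepalive = 25;
      }
    ];
  };
}
```

After a rebuild, the decrypted key should be readable by root only, and the store should hold nothing but the `.age` ciphertext.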
Reference: pim/nixos-laptop#4