Nix's IPFS support is for everything in the Nix store, which is world-readable and in which NixOS places no secrets. Options for managing secrets in/with Nix projects either encrypt them in the store or never have them touch the store (encrypted or otherwise).
Mutable state like database contents, including their password databases, don't go in the Nix store either.
Mutable state like database contents, including their password databases, don't go in the Nix store either.