Y
Hacker News
new
|
ask
|
show
|
jobs
by
VTimofeenko
1411 days ago
Huh, I guess I was woefully behind on changes to nixos-rebuild. Thanks for the pointer, I will check it out
1 comments
yencabulator
1411 days ago
One thing nixos-rebuild doesn't get you is a secrets transmission mechanism. I've been dabbling to build something independent of NixOS/Nix that would still do that neatly...
link
VTimofeenko
1411 days ago
May I suggest agenix? It dovetails into my deploy-rs flake setup very nicely and I can track the encrypted secrets in the flake repo.
I keep the "master" key encrypted in pass passing it in a zsh's "=" subshell to agenix.
link