Y
Hacker News
new
|
ask
|
show
|
jobs
by
yencabulator
1410 days ago
One thing nixos-rebuild doesn't get you is a secrets transmission mechanism. I've been dabbling to build something independent of NixOS/Nix that would still do that neatly...
1 comments
VTimofeenko
1409 days ago
May I suggest agenix? It dovetails into my deploy-rs flake setup very nicely and I can track the encrypted secrets in the flake repo.
I keep the "master" key encrypted in pass passing it in a zsh's "=" subshell to agenix.
link
I keep the "master" key encrypted in pass passing it in a zsh's "=" subshell to agenix.