Ryan Mulligan

Results 173 comments of Ryan Mulligan

Cool, I'll have to take a closer look soon. The reason I chose to use Nix instead of YAML (like `sops`) is that I wanted to be able to program...

Or maybe a better example is, I have some monit certificate PEM file that is a secret that I want to distribute to all my servers, so, I'd like to...

Is your concern with the `secrets.nix` approach that you have to list every secret?

> Would a `[groups]` table work for you?

Yep! Another reason I was going toward the .nix approach is because I have to keep an attrset of public keys in...

@cole-h Do you already have nix expressions for integrating agenix-rs with the agenix repo? I'd like to try it out!

@cole-h I'm newly interested in this because I really want to fix https://github.com/ryantm/agenix/issues/4. I tried it out some. It seems like it doesn't support rekeying all the paths at once....

@kanashimia Interesting. I think this approach is making you vulnerable to rekeying your secrets based on GitHub (or someone infiltrating GitHub) adding additional public keys to that file. With the...

I just learned about https://github.com/yaxitech/ragenix from @veehaitch @vtuan10. Would you share your opinion about why you like using Nix expressions for specifying your secret rules?

@psionic-k One-way encryption works fine, just don't include your public key in `secrets.nix` for that secret. What can we do to make this more clear?

The way to accomplish a "blind edit" is to first `rm` the secret file.