Agenix Tutorial

nix ops

published 2022-06-14 14:31

updated 2023-02-19 22:08

Need to store secrets in your nixos config gitrepo that declaritively manages everything for you? Try agenix today!

I have it in my devShell for nix-garden Otherwise run it with flakes: nix run github:ryantm/agenix -- --help


Add an entry to secrets.nix with the name of the secret and the list of keys that can decrypt it then run agenix -e <secret-name>.age to create the secret. It'll open a text editor to enter the secret value


In order to rekey secrets, you need to be able to decrypt them. You'll probably need to copy over the keys from all the various key files defined in secrets.nix then you can run with agenix installed: agenix --rekey