Need to store secrets in the NixOS config git repo that declaratively manages everything for you? Try agenix today!
I have it in my devShell for nix-garden
Otherwise run it with flakes:
nix run github:ryantm/agenix -- --help
Usage
Add an entry to secrets.nix with the name of the secret and the list of keys that can decrypt it, then run agenix -e <secret-name>.age to create the secret. It'll open a text editor to enter the secret value.
Rekey
In order to rekey secrets, you need to be able to decrypt them. You'll probably need to copy over the keys from all the various key files defined in secrets.nix. Then, with agenix installed, you can run:
agenix --rekey
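
An added example (not from the original post) of a secrets.nix for the Usage and Rekey steps above, laid out so that each host can decrypt only the secrets it uses while an admin key listed on every entry can edit and rekey them all. The secret names, host names and key strings are constructed placeholders.

```nix
# secrets.nix: read by the agenix CLI to decide who each secret is encrypted to.
# Every key string below is a constructed placeholder; substitute real public keys.
let
  # Admin workstation key(s). Listing these on every secret means a single
  # identity can decrypt, edit and rekey the whole set.
  alice = "ssh-ed25519 AAAA...PLACEHOLDER-alice";
  admins = [ alice ];

  # One public key per machine, e.g. the contents of
  # /etc/ssh/ssh_host_ed25519_key.pub on that host.
  web1 = "ssh-ed25519 AAAA...PLACEHOLDER-web1";
  db1 = "ssh-ed25519 AAAA...PLACEHOLDER-db1";
in
{
  # Least privilege: only the host that consumes a secret is listed
  # alongside the admins, so web1 cannot decrypt db1's secrets.
  "web-tls-key.age".publicKeys = admins ++ [ web1 ];
  "db-password.age".publicKeys = admins ++ [ db1 ];

  # A secret genuinely needed by both hosts lists both host keys.
  "backup-passphrase.age".publicKeys = admins ++ [ web1 db1 ];
}
```

After changing any publicKeys list, agenix --rekey re-encrypts the existing .age files to the new recipients. Removing a key this way does not undo access to values that key could already decrypt (including copies in git history), so change the secret value itself as well.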