[Nix-dev] NixOps - secret/credentials management

Oliver Charles ollie at ocharles.org.uk
Thu May 12 10:06:57 CEST 2016


Hi Tomasz,

One option is to introduce these credentials as parameters to your network
evaluation:

{ secretCertificate }:
{
  web = { ... } : ...
}

Then you will need to set this parameter when you do deployments in order
to evaluate the network expression and perform deployments. You could
easily script this and interactively prompt the user, or maybe use GPG to
decrypt an encrypted file for the values at deployment time.

Hopefully that gives you some ideas,
Ollie

On Thu, May 12, 2016 at 12:57 AM Tomasz Czyż <tomasz.czyz at gmail.com> wrote:

> Hi all NixOps users and devs.
>
> I wanted to deploy some secrets/certificates to machines and I'm not sure
> how to do that. I would like to avoid storing those in the nix store. Is
> there any way to deploy secrets to machines and not use the nix store?
>
> I know there is a solution to deploy disk encryption keys which is stored
> in the state file, but what about other secrets? Is there any general way
> to handle that?
>
> I thought that I could do that using the "nixops ssh" feature, but I would
> like to describe those credentials in the network.nix file, is that possible?
>
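
The scripted GPG approach suggested in the reply above, as an added example that is not part of the original thread: a wrapper that decrypts a file at deployment time and supplies it as the secretCertificate network argument. It assumes the standard `nixops set-args` and `nixops deploy` commands; the deployment name and encrypted file path are placeholders passed as arguments.

```shell
#!/bin/sh
# Added example (not from the thread). The deployment name and encrypted file
# path are arguments chosen by the operator; nothing here is NixOps' own code.

# Print the plaintext of a GPG-encrypted file on stdout; gpg-agent/pinentry
# asks the operator for the passphrase.
decrypt_secret() {
    gpg --quiet --decrypt "$1"
}

# deploy_with_secret DEPLOYMENT ENCRYPTED_FILE
# Returns 2 (file unreadable), 3 (decryption failed), 4 (empty plaintext),
# 5 (set-args failed), otherwise the exit status of "nixops deploy".
deploy_with_secret() {
    dws_deployment=$1
    dws_file=$2
    [ -r "$dws_file" ] || { echo "cannot read $dws_file" >&2; return 2; }

    # Never deploy with a missing value: stop before touching nixops.
    dws_secret=$(decrypt_secret "$dws_file") || { echo "decryption failed" >&2; return 3; }
    [ -n "$dws_secret" ] || { echo "decrypted value is empty" >&2; return 4; }

    # set-args records the argument in the NixOps state file, and the value
    # is briefly visible in this host's process list as an argv entry.
    nixops set-args -d "$dws_deployment" --argstr secretCertificate "$dws_secret" || return 5

    dws_rc=0
    nixops deploy -d "$dws_deployment" || dws_rc=$?

    # Drop the stored argument again, whether or not the deploy succeeded.
    nixops set-args -d "$dws_deployment" --unset secretCertificate
    unset dws_secret
    return "$dws_rc"
}

# Run only when called as: script DEPLOYMENT ENCRYPTED_FILE
if [ "$#" -eq 2 ]; then
    deploy_with_secret "$@"
fi
```

Any value the network expression interpolates into generated configuration is still written to the Nix store, so this wrapper only controls how the secret reaches evaluation, not where the evaluated result ends up.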