Alternative script to manage encrypted files #264
jcszymansk
started this conversation in
Show and tell
Replies: 2 comments
-
Cool, thanks for the share! I'm going to close the issue, but I wonder if we should open discussions (or maybe they're already open? On mobile). EDIT: oh geez, this is a discussion already! Sorry, thanks for the share!
-
There are also these tools:
(from #23)
-
Hi,

As much as I love `agenix`, I never really liked the `secrets.nix` file and the workflow it requires. After several abortive attempts to populate it from my flakes' configuration, I decided to try another approach. So here it is. The main idea is that configurations, and thus secrets, are usually somehow grouped, say `systems/linux/hostX`, `hostY` etc., and most if not all secrets on `hostX` will share the same decryption key, but also that key will not necessarily be the same that is used where the configuration is maintained. So here's where it would look for public keys to encrypt the `systems/linux/hostX/secret.txt.age` file:

Not all of these files need to exist and `.agemaster` may be empty, any keys found will be used and at least one key must be there; I myself have the hosts' ssh key in `hostname/.agekey` and my own in `.agemaster`, the identity being `.ssh/id_ed25519`. Each of those files can also contain more keys, one per line.

Operations now supported are:

It is available here, it can be also run without installing via the flake: `nix run github:jacekszymanski/nur-packages#manage -- help`.

That's it. It's now "works for me pre-alpha", usual warnings etc., but I'm using it for all my configurations now and didn't have to restore anything from backup so far, so it might work for someone else too. :-)
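The recipient lookup described in the post above, as an added illustration that is not the `manage` script's own code. The post's listing of which files are consulted did not survive on this page, so the lookup rule here is an assumption: `.agemaster` at the repository root, then a `.agekey` file in every directory from the root down to the directory holding the secret (one step more general than the per-host `hostname/.agekey` the post names). Key files hold one public key per line, blank lines and `#` comments are skipped, missing files are fine, `.agemaster` may be empty, and at least one key in total is required, matching the post's stated rules. The directory tree, key strings and secret files are constructed for the demo, and the `.age` files are empty placeholders rather than real ciphertext.

```python
"""Collect age/ssh public-key recipients for a secret from grouped key files.

Added example (not the manage script). Lookup order is an ASSUMPTION:
  <root>/.agemaster, then <root>/.agekey, <root>/systems/.agekey, ...
  down to the secret's own directory.
"""
from pathlib import Path
import tempfile


def read_keys(path: Path) -> list:
    """Non-empty, non-comment lines of a key file; [] if the file is absent."""
    if not path.is_file():
        return []
    keys = []
    for line in path.read_text().splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            keys.append(line)
    return keys


def candidate_key_files(root: Path, secret: Path) -> list:
    """Key files consulted for `secret`, most general first (assumed order)."""
    rel = secret.resolve().relative_to(root.resolve())
    files = [root / ".agemaster", root / ".agekey"]
    current = root
    for part in rel.parent.parts:
        current = current / part
        files.append(current / ".agekey")
    return files


def collect_recipients(root: Path, secret: Path) -> list:
    """All keys found for `secret`, de-duplicated in first-seen order.

    Raises ValueError when no key file contributes anything, so a secret is
    never encrypted to an empty recipient set (it would be unreadable by anyone).
    """
    recipients = []
    for key_file in candidate_key_files(root, secret):
        for key in read_keys(key_file):
            if key not in recipients:
                recipients.append(key)
    if not recipients:
        raise ValueError(f"no public keys found for {secret}; "
                         "add a .agekey next to it or a key to .agemaster")
    return recipients


def build_demo_tree(root: Path) -> None:
    """Constructed repository layout; key strings are placeholders, not real keys."""
    for d in ("systems/linux/hostX", "systems/linux/hostY", "systems/darwin/hostZ"):
        (root / d).mkdir(parents=True)
    # .agemaster exists but is empty apart from a comment (allowed by the post)
    (root / ".agemaster").write_text("# maintainer keys; empty in this constructed tree\n")
    # a key shared by every linux host (the assumed hierarchical lookup)
    (root / "systems/linux/.agekey").write_text("age1linuxshared-constructed\n")
    (root / "systems/linux/hostX/.agekey").write_text("ssh-ed25519 AAAAhostX-constructed\n")
    # hostY lists two keys, one per line
    (root / "systems/linux/hostY/.agekey").write_text(
        "ssh-ed25519 AAAAhostY-constructed\nage1maintainer-constructed\n")
    # hostZ has no .agekey anywhere on its path: lookup must fail loudly
    for d in ("systems/linux/hostX", "systems/linux/hostY", "systems/darwin/hostZ"):
        (root / d / "secret.txt.age").write_bytes(b"")  # placeholder, not ciphertext


def demo_recipients() -> dict:
    """Run the lookup over the constructed tree; None marks a failed lookup."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "repo"
        build_demo_tree(root)
        result = {}
        for host, rel in (("hostX", "systems/linux/hostX/secret.txt.age"),
                          ("hostY", "systems/linux/hostY/secret.txt.age"),
                          ("hostZ", "systems/darwin/hostZ/secret.txt.age")):
            try:
                result[host] = collect_recipients(root, root / rel)
            except ValueError:
                result[host] = None
        return result


if __name__ == "__main__":
    for host, keys in demo_recipients().items():
        print(host, keys)
```

The check that refuses an empty recipient set is the part worth keeping whatever lookup rule you settle on: the failure mode of a convention like this is not a wrongly encrypted file but a file silently encrypted to nobody, or to a stale host key, and `age` will happily produce it.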