mirrors/sops-nix
1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2024-12-14 11:57:52 +00:00
Code Activity

Add info about hash passwords

Browse source
This commit is contained in:
Haru02w 2024-01-20 20:29:06 -03:00 committed by Jörg Thalheim
parent ae171b54e7
commit 4606d9b159
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -574,6 +574,12 @@ To work around this issue, it's possible to set `neededForUsers = true` in a sec
This will cause the secret to be decrypted to `/run/secrets-for-users` instead of `/run/secrets` before NixOS creates users. This will cause the secret to be decrypted to `/run/secrets-for-users` instead of `/run/secrets` before NixOS creates users.
As users are not created yet, it's not possible to set an owner for these secrets. As users are not created yet, it's not possible to set an owner for these secrets.
The password must be stored as a hash for this to work, which can be created with the command `mkpasswd`
```console
$ echo "password" | mkpasswd -s
$y$j9T$WFoiErKnEnMcGq0ruQK4K.$4nJAY3LBeBsZBTYSkdTOejKU6KlDmhnfUV3Ll1K/1b.
```
```nix ```nix
{ config, ... }: { { config, ... }: {
sops.secrets.my-password.neededForUsers = true; sops.secrets.my-password.neededForUsers = true;