From a45636d7a573d3eae033cffd9115d429a8e83ea9 Mon Sep 17 00:00:00 2001 From: Pogobanane Date: Wed, 1 Feb 2023 21:19:37 +0100 Subject: [PATCH] readme: improve --- README.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 5d1731f..bff24ad 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,7 @@ format to `age` keys.
1. Install sops-nix -Choose one of the following methods: +Choose one of the following methods. When using it non-globally with home-manager, refer to [Use with home-manager](#use-with-home-manager). #### Flakes (current recommendation) @@ -744,7 +744,7 @@ And instead of decrypting to `/run/secrets`, the secrets are decrypted to `$XDG_ **Since the secrets are decrypted there, it's highly recommended to use a tmpfs for `$XDG_RUNTIME_DIR` to avoid storing secrets in plain text on persistent storage. Linux distributions using systemd-logind do that out-of-the-box.** Depending on whether you use home-manager system-wide or using a home.nix, you have to import it in a different way. -This example show the `channel` approach from the usage example above for simplicity, but all other methods work as well. +This example show the `channel` approach from the example [Install: nix-channel](#nix-channel) for simplicity, but all other methods work as well. ```nix { @@ -772,9 +772,13 @@ The actual sops configuration is in the `sops` namespace in your home.nix (or in # It's alos possible to use a ssh key, but only when it has no password: #age.sshKeyPaths = [ "/home/user/path-to-ssh-key" ]; defaultSopsFile = ./secrets.yaml; - sops.secrets.test = { + secrets.test = { # sopsFile = ./secrets.yml.enc; # optionally define per-secret files - path = "%r/test.txt"; # %r gets replaced with your $XDG_RUNTIME_DIR, use %% to specify a '%' sign + + # %r gets replaced with a runtime directory, use %% to specify a '%' + # sign. Runtime dir is $XDG_RUNTIME_DIR on linux and $(getconf + # DARWIN_USER_TEMP_DIR) on darwin. + path = "%r/test.txt"; }; }; }
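Review bot: in the hunk at README.md line 50, "non-globally" on the added line is not a term the rest of the README uses. The home-manager section speaks of using home-manager "system-wide or using a home.nix". If the home.nix case is the one meant, reuse that wording so readers can tell which installation path applies to them before they follow the link.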
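Review bot: in the hunk at README.md line 744, the rewritten line still reads "This example show"; it should be "This example shows", and the line is being touched anyway. "from the example [Install: nix-channel](#nix-channel)" would also read more cleanly as "from [Install: nix-channel](#nix-channel)". The target heading is not part of this diff, so please confirm that `#nix-channel` matches its generated anchor.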
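Review bot: in the hunk at README.md line 772, the new comment above `path` says %r resolves to `$(getconf DARWIN_USER_TEMP_DIR)` on darwin, but the bold warning before the example only recommends a tmpfs for `$XDG_RUNTIME_DIR`. The README should state whether the darwin directory keeps decrypted secrets off persistent storage, or the warning should be extended to cover darwin. The unchanged context line "It's alos possible to use a ssh key" also has a typo ("alos" for "also") that could be fixed in the same commit.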