mirrors/sops-nix
mirrors/sops-nix
1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2025-03-16 05:28:15 +00:00
Code Activity

README: add section about using sops-nix at evaluation time

Browse source
This commit is contained in:
Jörg Thalheim 2022-02-21 10:14:00 +01:00
parent fc22eff320
commit cda46de69a
No known key found for this signature in database
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
README.md
View file

@ -832,3 +832,13 @@ before `nixos-rebuild switch` to provision initrd secrets
before actually using them in the initrd. before actually using them in the initrd.
In the future, we hope to extend NixOS to allow keys to be In the future, we hope to extend NixOS to allow keys to be
provisioned in the bootloader install phase. provisioned in the bootloader install phase.
### Using secrets at evaluation time
It is not possible to use secrets at evaluation time of nix code. This is
because sops-nix decrypts secrets only in the activation phase of nixos i.e. in
`nixos-rebuild switch` on the target machine. If you rely on this feature for
some secrets, you should also include solutions that allow secrets to be stored
securely in your version control, e.g.
[git-agecrypt](https://github.com/vlaci/git-agecrypt). These types of solutions
can be used together with sops-nix.