Jörg Thalheim
150afcb240
move all nix expressions to pkgs
2022-05-15 08:19:33 +02:00
Janne Heß
5e2f743edd
Re-add service restarts
We also have service reloads now, so add them as well
2022-03-14 17:30:56 +01:00
Janne Heß
8677dd6909
Replace separator for nested keys for consistency
2021-11-29 12:20:25 +01:00
Janne Heß
23259ded2c
Remove restart logic from README and test
The required code in nixpkgs was reverted so we should not advertise a
feature that does not work. We can revert this commit if the feature is
re-merged into 22.05 with the proper version in it.
2021-11-29 10:24:45 +01:00
Janne Heß
edb3913e10
Remove debug text
2021-11-23 22:32:41 +01:00
Janne Heß
bac2a891b7
Fix user passwords disappearing
Also add a test case for this.
Closes #137
2021-11-13 14:17:51 +01:00
Janne Heß
af29ac4d84
Prune old secrets generations
Closes #128
2021-11-09 23:17:55 +01:00
Janne Heß
bac08f6919
Allow setting user passwords
2021-11-07 13:53:16 +01:00
Janne Heß
79706f6748
Fix secrets mount point and remove default
2021-11-07 13:00:05 +01:00
Janne Heß
9683d128bd
Add support for restarting/reloading units
2021-11-07 12:37:57 +01:00
Janne Heß
2b9a0815ca
Implement nested secrets
2021-09-30 21:49:47 +02:00
Jörg Thalheim
c5e0f55d8d
nixos-tests: fix indentations
2021-09-30 21:09:26 +02:00
Janne Heß
4cebc08062
Fix age key generation and test it
2021-09-30 15:28:39 +02:00
Janne Heß
5db02f2939
Import age keyfile and ssh keys at the same time
2021-09-30 15:07:30 +02:00
Janne Heß
9083e64fb9
Swap order of age ssh keys and the key file
It makes more sense to import the key when we have one and ignore the
SSH keys instead of only importing the key when we have no SSH keys.
This is because we import all SSH keys by default in the module and
using a key file means the user has to explicitly unset the SSH keys.
2021-09-30 14:05:38 +02:00
Jörg Thalheim
a38ba56ca2
import ssh keys both for gpg and age
2021-09-28 14:07:26 +02:00
Janne Heß
77d0fa5920
Simplify age logic in sops-install-secrets
2021-09-24 12:09:54 +02:00
Janne Heß
f636296aff
Switch the libs to now external ones
2021-09-24 12:09:53 +02:00
Janne Heß
6c916c1f57
Add a converter from private ssh keys to age
2021-09-24 12:09:53 +02:00
Janne Heß
4568162629
Import age ssh keys by default
2021-09-24 12:09:53 +02:00
Janne Heß
c980f2547e
Add sops-ssh-to-age tool
2021-09-24 12:09:52 +02:00
Janne Heß
db8fcb50a3
Add support for ssh-generated age keys
2021-09-24 12:09:52 +02:00
Janne Heß
b21c0ce3a8
Group gnupg and age in the module
2021-09-24 12:09:52 +02:00
Janne Heß
f5a2ba217b
Add age support
2021-09-24 12:09:52 +02:00
Janne Heß
ebfa120b52
Fix pipeline on unstable
2021-09-17 21:08:34 +02:00
Jörg Thalheim
3e2aefbc61
switch to maintained openpgp library
2021-08-29 15:24:07 +02:00
Jörg Thalheim
34a650555e
fix nixos-test
We no longer require membership in keys group.
2021-07-03 08:20:27 +02:00
Jörg Thalheim
73e19bf11b
Replace sops-gpg-hook with sops-import-keys-hook
2021-07-03 08:08:38 +02:00
Jörg Thalheim
351c716739
allow non-key group users to access /run/secrets
This does not significantly decrease security while making it a lot more
convenient. There are also services where it is not possible to set
the keys group, i.e. if a daemon unsets all groups. Processes still
won't be able to list other secrets if they are not in the secret group.
fixes #86
2021-06-05 17:59:22 +02:00
Jörg Thalheim
f540b74ced
remove ssh-to-pgp from sops-nix
2021-02-22 06:49:46 +01:00
Nicolas Berbiche
a3b53c6087
Fix sops-pgp-hook erroring in a strict shell
2021-02-08 15:49:30 -05:00
Jörg Thalheim
d665aecd88
fix 32-bit build
2021-02-01 13:50:17 +01:00
Bernardo Meurer
dd7dfdcb6a
pkgs: don't reference deprecated stdenv.lib
`stdenv.lib` has been deprecated in favor of using `lib` directly.
2021-01-31 18:02:23 -08:00
Jörg Thalheim
4de7358a2b
only mount ramfs once
2021-01-28 22:36:12 +01:00
Jörg Thalheim
47a99b6957
Merge branch 'master' into lists
2021-01-27 06:23:50 +00:00
Jörg Thalheim
80ad73c347
fix sops files that contain lists
fixes #68
2021-01-27 07:22:56 +01:00
Eduard Bopp
0be44e088b
Fix impurity in test invocation
The system must be specified, as its default is
`builtins.currentSystem`, which is disallowed as an impure function
during flake evaluation.
2021-01-26 15:48:56 +01:00
Martin Potier
40f42e95b6
Keep the original shellHook if it is set
2021-01-07 16:24:18 +02:00
Jörg Thalheim
9b65d30bad
ssh-to-pgp: fix tests
2020-12-15 04:05:56 +01:00
Jörg Thalheim
378fe484f9
fix sops-install-secrets with nixpkgs unstable
2020-11-18 16:08:59 +01:00
Jörg Thalheim
c7826f534e
parallelize CI
2020-11-13 12:54:33 +01:00
Cole Mickens
24fd158fe6
sops-install-secrets: symlinkSecret: set uid/gid (with Fchownat) (#32)
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2020-08-24 09:24:43 +01:00
Jörg Thalheim
7d2b22a18d
sops-install-secrets: disable tests
2020-08-10 18:22:59 +01:00
Jörg Thalheim
32c42617e4
sshkeys: use %w in fmt.Errorf calls
2020-07-30 16:22:43 +01:00
Jörg Thalheim
df86cc4e71
ssh-to-pgp: use %w for fmt.Errorf calls
2020-07-30 16:21:47 +01:00
Jörg Thalheim
01e4038c9a
don't print full executable path logging key import
2020-07-30 16:19:51 +01:00
Jörg Thalheim
9cd8bb080f
sops-install-secrets: use %w for fmt.Errorf calls
2020-07-30 16:19:14 +01:00
Jörg Thalheim
59e6df1acf
sops-init-gpg-key: include hostname on darwin
2020-07-23 08:45:32 +01:00
Jörg Thalheim
98afd85ef8
sops-init-gpg-key: add install check
2020-07-23 08:20:08 +01:00
Jörg Thalheim
b8d91d61ac
restrict sops-install-secrets to linux
ramfs is not available elsewhere.
2020-07-22 23:46:05 +01:00