fujin/nixarr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated the wiki

Browse Source
This commit is contained in:
rasmus-kirk
2024-03-04 00:44:56 +01:00
parent 6c4d0472b9
commit adbe93debe
3 changed files with 25 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/wiki/secrets/index.md
+9 -7
View File
@@ -37,16 +37,18 @@ And set the accompanying Nixarr option:
};
```
**Note:** This is impure, meaning that since the file is not part of the
nix store, a nixos rollback will not restore a previous secret. This also
means you have to rebuild Nixos using the `--impure` flag set.
**Note:** This is "impure", meaning that since the file is not part of the nix
store, a nixos rollback will not restore a previous secret (not a big problem
if the secrets are not changed often). This also means you have to rebuild Nixos
using the `--impure` flag set.
## Agenix - A Path to Purity
The "right way" to do secret management is to have your secrets
encrypted in your configuration directory. This can be accomplished using
The "right way" to do secret management is to have your secrets encrypted in
your configuration directory. Doing it this way is "pure", and rollbacks
will once again function correctly. This can be accomplished using
[agenix](https://github.com/ryantm/agenix). I won't go into the details of how
to set it up since it's a more complex solution than the one above. However,
including the right way doing it should help you if you're a more advanced
user and want to do things the "right way".
if you're a more advanced user and want to do things the "right way", then
check out their documentation.