Inject SOPS-managed secrets into NixOS and Home Manager configs with sops-nix
Materialize age or PGP encrypted SOPS secrets inside declarative NixOS and Home Manager systems during activation without hand-copying values.
Prerequisites
NixOS or Home Manager configuration, sops-nix module, SOPS-encrypted secret files, age or PGP keys, Nix build and activation access
Installation
Requirements and caveats from upstream:
- This will otherwise cause sops to require multiple keys (shamir secret sharing)
- The easiest way to add new machines is by using SSH host keys (this requires OpenSSH to be enabled).
- The home-manager module requires systemd/user as it runs a service called sops-nix.service rather than an activation script.
Basic usage or getting-started notes:
- There is a configuration.nix example in the deployment step of our usage example.
- If you prefer video over the textual description below, you can also check out this 6min tutorial by @vimjoyer.
Extracted from upstream docs: https://raw.githubusercontent.com/Mic92/sops-nix/HEAD/README.md
Quality
deterministic score 0.45 from registry signals: indexed on github topic:agent-skills · 8 github stars · SKILL.md body (1,447 chars)