Secrets injection using sops-nix after the switch is done. #6527

Open
niksingh710 opened this issue Feb 24, 2025 · 0 comments

Mic92/sops-nix#728 (comment)

as this issue mentions the required case of injecting a value from sops-nix.
sops exposes a file path that contains the key.
`cat file/path` reveals the secret.

rn it is possible to inject that value in a config file by using `runCommand`, but that changes the whole content of the file, making other options related to that config useless.

my proposal is that home-manager option value can accept sops path.

```nix
nix.settings = {
  experimental-features = [ "nix-command" "flakes" ];
  show-trace = true;
  secret = home-manager.lib.fetchSecret config.sops.secret.path;
};
```

if the secret path is valid then the `secret` key is set in the final config, and if the path is invalid then that entry is ignored. (this is done after the build is done, and in the repl `secret` should show a Secret type enum for secret)
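
The behaviour requested above, sketched as an activation-time step (an added example, not home-manager or sops-nix code): the built config carries a placeholder, and the secret is spliced into a private copy after the build, so it never enters the world-readable Nix store. The function name `inject_secret` and the `@SECRET@` placeholder are assumptions made for this illustration.

```shell
# Added illustration; not home-manager or sops-nix code.
# inject_secret TEMPLATE PLACEHOLDER SECRET_FILE OUT
#   TEMPLATE     config generated at build time, holding PLACEHOLDER (e.g. @SECRET@)
#   SECRET_FILE  decrypted secret path, readable only at activation time
# The entry is dropped when SECRET_FILE cannot be read, as the proposal asks.
inject_secret() (
    template=$1 placeholder=$2 secret_file=$3 out=$4

    # mktemp creates the file with mode 0600, so the rendered config is
    # never world-readable, unlike anything evaluated into /nix/store.
    tmp=$(mktemp "${out}.XXXXXX") || return 1

    # Values travel through the environment, not -v, so awk does not
    # interpret backslash escapes in them.
    PH=$placeholder SF=$secret_file awk '
        BEGIN {
            ph = ENVIRON["PH"]; sf = ENVIRON["SF"]
            # Only the first line of the secret file is used.
            have = ((getline secret < sf) > 0)
            close(sf)
        }
        {
            i = index($0, ph)
            if (i == 0) { print; next }   # line without the placeholder
            if (!have) next               # secret unavailable: skip the entry
            # Literal splice: "&" and "\" in the secret are not special.
            print substr($0, 1, i - 1) secret substr($0, i + length(ph))
        }
    ' "$template" > "$tmp" || { rm -f "$tmp"; return 1; }

    mv -f "$tmp" "$out"   # same directory, so the rename is atomic
)
```

Every other line of the generated file passes through unchanged, which is the property the `runCommand` approach loses.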
