add nixos integration example
All checks were successful
checks-impure / test (pull_request) Successful in 9s
checks / test (pull_request) Successful in 21s

Jörg Thalheim 2023-09-22 12:04:13 +02:00
parent f350bfd7fd
commit 3b810b074c


@ -135,8 +135,25 @@ For convenience, Clan CLI allows group creation to simplify access management. H
# NixOS integration
A NixOS machine will automatically import all secrets that were encrypted for the same.
At runtime it will
A NixOS machine will automatically import all secrets that are encrypted for the
current machine. At runtime it will use the host key to decrypt all secrets into
a in-memory, non-persistent filesystem using
[sops-nix](https://github.com/Mic92/sops-nix). In your nixos configuration you
can get a path to secrets like this `config.sops.secrets.<name>.path`. Example:
```nix
{ config, ...}: {
sops.secrets.my-password.neededForUsers = true;
users.users.mic92 = {
isNormalUser = true;
passwordFile = config.sops.secrets.my-password.path;
};
}
```
See the [readme](https://github.com/Mic92/sops-nix) of sops-nix for more
examples.
# Importing existing sops-based keys / sops-nix
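
Review bot: The Nix example sets `sops.secrets.my-password.neededForUsers = true;` with no explanation, so a reader copying it for a non-user secret will carry the option along without knowing what it does. Please add a sentence saying it is needed here because the secret has to be decrypted before user accounts are created. It would also help to state what the secret must contain: `passwordFile` reads a password hash, not a plaintext password, and the text never says which one `my-password` should hold. Two wording nits in the new paragraph: "a in-memory" should be "an in-memory", and "nixos configuration" should match the "NixOS" spelling used in the heading and first sentence.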