clan/clan-core
11
2
Fork 13
Code Issues 90 Pull Requests 4 Actions Packages Projects 1 Releases Wiki Activity

add nixos integration example
All checks were successful
checks-impure / test (pull_request) Successful in 9s
Details
checks / test (pull_request) Successful in 21s
Details

Browse Source
This commit is contained in:
Jörg Thalheim 2023-09-22 12:04:13 +02:00
parent f350bfd7fd
commit 3b810b074c
1 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
docs/secrets-management.md
View File

@ -135,8 +135,25 @@ For convenience, Clan CLI allows group creation to simplify access management. H
# NixOS integration # NixOS integration
A NixOS machine will automatically import all secrets that were encrypted for the same. A NixOS machine will automatically import all secrets that are encrypted for the
At runtime it will current machine. At runtime it will use the host key to decrypt all secrets into
a in-memory, non-persistent filesystem using
[sops-nix](https://github.com/Mic92/sops-nix). In your nixos configuration you
can get a path to secrets like this `config.sops.secrets.<name>.path`. Example:
```nix
{ config, ...}: {
sops.secrets.my-password.neededForUsers = true;
users.users.mic92 = {
isNormalUser = true;
passwordFile = config.sops.secrets.my-password.path;
};
}
```
See the [readme](https://github.com/Mic92/sops-nix) of sops-nix for more
examples.
# Importing existing sops-based keys / sops-nix # Importing existing sops-based keys / sops-nix