History

Timothy DeHerrera bf34d2071f doc: new mdbook documentation		2021-02-14 02:46:05 -07:00
..
.gitattributes	doc: new mdbook documentation	2021-02-14 02:46:05 -07:00
README.md	doc: new mdbook documentation	2021-02-14 02:46:05 -07:00

README.md

Secrets

Secrets are managed using git-crypt so you can keep your flake in a public repository like GitHub without exposing your password or other sensitive data.

By default, everything in the secrets folder is automatically encrypted. Just be sure to run git-crypt init before putting anything in here.

Note:

Currently, there is no mechanism in nix to deploy secrets within the nix/store so, if they end up in the nix/store after deployment, they will be world readable on that machine.

The author of nixflk intends to implement a workaround for this situation in the near future, but for the time being, simple be aware of this.