Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Secrets

Secrets are managed with SOPS-nix using age encryption.

Setup

  • Each host has its own age key
  • Encrypted secret files live in secrets/ directories and any files matching secret.*
  • The .sops.yaml file at the repo root defines which age keys can decrypt which secrets

Usage

Encrypted files are automatically decrypted at activation time by sops-nix and made available to NixOS/Home Manager modules as paths under /run/secrets/.

Refer to the sops-nix documentation for creating and editing secrets.