From 81c83679dcb73c58b651f2fd66e74c82bc7450b5 Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Mon, 16 Dec 2024 17:04:38 -0800 Subject: add some notes about secrets --- README.org | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'README.org') diff --git a/README.org b/README.org index 377e658..828bb77 100644 --- a/README.org +++ b/README.org @@ -1,5 +1,31 @@ Tools, scripts, and configurations for my machines. +* Secret management with =agenix= +We use =agenix= to manipulate our secrets. +** Create a new secret +To create a new secret: +#+begin_src sh +cd ../secrets +agenix -e .age +#+end_src +** Manage the secrets +In [[file+sys:../secrets/secrets.nix][secrets.nix]] you need to add the secret and who need to have access to it. + +In the configuration for one of the host, you'll then need to add: +#+begin_src nix +age.secrets.restic = { + file = ../../../secrets/restic-backups.age; + owner = "root"; + group = "root"; + path = "/etc/restic/secret"; + mode = "600"; +}; +#+end_src +** Edit secrets +This is the easiest command to work with 1password: +#+begin_src sh +agenix -e restic-backups.age -i (op read "op://Personal/nixos/private key?ssh-format=openssh"|psub) +#+end_src * Services ** ddns-updater This service runs on =vm-synology=. -- cgit 1.4.1