Comparison of secret managing schemes: Difference between revisions
imported>Lucc |
imported>Ryantm No edit summary |
||
Line 57: | Line 57: | ||
| no, stored outside of the store (TODO more info) | | no, stored outside of the store (TODO more info) | ||
| ''N/A'' the user has to run {{ic|nixops | | ''N/A'' the user has to run {{ic|nixops | ||
send-keys}} to create these files after a reboot | send-keys}} to create these files after a reboot (not required after every reboot if `destDir` is persistent storage) | ||
| unencrypted in {{ic|/run/keys/...}} | | unencrypted in {{ic|/run/keys/...}} | ||
| yes | | yes | ||
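Review bot: The new parenthetical in the reboot cell marks destDir with Markdown backticks, while every other cell in this table uses the {{ic|...}} template, so it should read {{ic|destDir}} to render as code on the wiki. The following cell still says only "unencrypted in {{ic|/run/keys/...}}", yet this revision introduces the case where destDir is persistent storage; that cell should state where the unencrypted key file lives in that case, since a reader comparing schemes will want to know whether plaintext keys can end up on disk. The unchanged "TODO more info" in the first cell of this row is also still open.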
Line 63: | Line 63: | ||
|- | |- | ||
| [https://github.com/ryantm/agenix agenix] | | [https://github.com/ryantm/agenix agenix] | ||
| | | `agenix` CLI encrypts with the user and host ssh key | ||
| | | | ||
| encrypted | | encrypted | ||
| decryption with the ssh | | decryption with the host ssh key | ||
| unencrypted in {{ic|/run/secrets/...}} | | unencrypted in {{ic|/run/secrets/...}} or configured path | ||
| yes | | yes | ||
| the underlying {{ic|age}} does not support {{ic|ssh-agent}} | | the underlying {{ic|age}} does not support {{ic|ssh-agent}} |
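Review bot: In the first new cell of the agenix row, "encrypts with the user and host ssh key" does not say which half of each key pair is used, and the decryption cell has the same ambiguity. Wording such as "encrypts to the user and host SSH public keys" and "decryption with the host SSH private key" would make clear that only the host's private key has to be present on the target machine. The name agenix is written with Markdown backticks here, whereas the rest of the row uses {{ic|...}}, so use {{ic|agenix}} for consistency. The "or configured path" addition would be more useful if it named the option that sets that path.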