Comparison of secret managing schemes: Difference between revisions

← Older editNewer edit →
VisualWikitext
imported>Ryantm
No edit summary
imported>Ryantm
No edit summary
Line 58: Line 58:
| ''N/A'' the user has to run {{ic|nixops
| ''N/A'' the user has to run {{ic|nixops
send-keys}} to create these files after a reboot (not required after every reboot if destDir is persistent storage)  
send-keys}} to create these files after a reboot (not required after every reboot if destDir is persistent storage)  
| unencrypted in {{ic|/run/keys/...} or destDir
| unencrypted in {{ic|/run/keys/...}} or configured path
| yes
| yes
| "out of band", secret management happens outside of {{ic|nixos-rebuild}}
| "out of band", secret management happens outside of {{ic|nixos-rebuild}}
|-
|-
| [https://github.com/ryantm/agenix agenix]
| [https://github.com/ryantm/agenix agenix]
| `agenix` CLI encrypts with the user and host ssh key
| {{ic|agenix}} CLI encrypts with the user and host ssh key
|  
|  
| encrypted
| encrypted
Retrieved from "https://wiki.nixos.org/wiki/Comparison_of_secret_managing_schemes"