Comparison of secret managing schemes: Difference between revisions
imported>Ryantm No edit summary |
imported>Ryantm No edit summary |
Line 114: | Line 114: | ||
| plain text file (unencrypted), can be stored in git | | plain text file (unencrypted), can be stored in git | ||
| encryption | | encryption | ||
| encrypted | | encrypted in the store | ||
| decrypted by a systemd unit | | decrypted by a systemd unit | ||
| | | | ||
| no, [https://christine.website/blog/nixos-encrypted-secrets-2021-01-20 blog], | | no, [https://christine.website/blog/nixos-encrypted-secrets-2021-01-20 blog], | ||
and [https://github.com/Xe/nixos-configs/blob/master/common/crypto/default.nix config repository] | and [https://github.com/Xe/nixos-configs/blob/master/common/crypto/default.nix config repository] | ||
| | | Warning: plaintext is unencrypted in the nix store of the deployment machine | ||
|- | |- | ||
| [https://elvishjerricco.github.io/2018/06/24/secure-declarative-key-management.html Blog entry 2] | | [https://elvishjerricco.github.io/2018/06/24/secure-declarative-key-management.html Blog entry 2] |
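Review bot: The warning added in the last cell of this row, "plaintext is unencrypted in the nix store of the deployment machine", sits beside the changed cell "encrypted in the store", which does not say which machine's store it refers to, so the row can read as contradicting itself. Name the machine in the "encrypted in the store" cell as well, and reword the warning to avoid the redundant "plaintext is unencrypted", for example "Warning: the secret is stored in plaintext in the Nix store of the deployment machine".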