Comparison of secret managing schemes: Difference between revisions

(One intermediate revision by one other user not shown)

Line 67:

|

|-

| ~~<code>~~[https://github.com/oddlama/agenix-rekey agenix-rekey]~~</code>~~

| [https://github.com/oddlama/agenix-rekey agenix-rekey]

| Extended <code>agenix</code>.

| N/A

Line 153:

|

|-

| [https://elvishjerricco.github.io/2018/06/24/secure-declarative-key-management.html Blog Entry]: wrapper around <code>pass</code> based on ~~<code>~~[https://github.com/shlevy/nix-plugins nix-plugins]~~</code>~~.

| [https://elvishjerricco.github.io/2018/06/24/secure-declarative-key-management.html Blog Entry]: wrapper around <code>pass</code> based on [https://github.com/shlevy/nix-plugins nix-plugins].

| Stored in [https://www.passwordstore.org/ the password store].

| Data is retrieved/decrypted with <code>pass</code> during evaluation time.

Line 175:

| The referenced NixOS Discourse discussion is about a signing key that is only needed during build time and should not be stored in the nix store at all.

|-

| [https://mrvandalo.github.io/nixos-artifacts/nixos-artifacts/latest/ nixos-artifacts]

| depends on backend

| artifacts cli is needed most of the time, but built-time depends on chosen backends

| depends on backend

| Yes

| No (but planed)

| Backend agnostic secret manager. Unified secret definition and backend configuration managed differently from another.

|-

! Scheme

! Pre-build

@@ Line 67: / Line 67: @@
 |
 |-
-| <code>[https://github.com/oddlama/agenix-rekey agenix-rekey]</code>
+| [https://github.com/oddlama/agenix-rekey agenix-rekey]
 | Extended <code>agenix</code>.
 | N/A
@@ Line 153: / Line 153: @@
 |
 |-
-| [https://elvishjerricco.github.io/2018/06/24/secure-declarative-key-management.html Blog Entry]: wrapper around <code>pass</code> based on <code>[https://github.com/shlevy/nix-plugins nix-plugins]</code>.
+| [https://elvishjerricco.github.io/2018/06/24/secure-declarative-key-management.html Blog Entry]: wrapper around <code>pass</code> based on [https://github.com/shlevy/nix-plugins nix-plugins].
 | Stored in [https://www.passwordstore.org/ the password store].
 | Data is retrieved/decrypted with <code>pass</code> during evaluation time.
@@ Line 175: / Line 175: @@
 | The referenced NixOS Discourse discussion is about a signing key that is only needed during build time and should not be stored in the nix store at all.
 |-
+| [https://mrvandalo.github.io/nixos-artifacts/nixos-artifacts/latest/ nixos-artifacts]
+| depends on backend
+| artifacts cli is needed most of the time, but built-time depends on chosen backends
+| depends on backend
+| depends on backend
+| depends on backend
+| depends on backend
+| Yes
+| No (but planed)
+| Backend agnostic secret manager. Unified secret definition and backend configuration managed differently from another.
+|-
 ! Scheme
 ! Pre-build