Agenix: Difference between revisions
imported>Onny Add example sourcing files |
imported>Onny Add tips and tricks |
Line 104: | Line 104: | ||
}; | }; | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== Tips and tricks == | |||
=== Replace inplace strings with secrets === | |||
Considering that there still might be some modules which doesn't support reading secrets from a file, you could provide a placeholder string instead of a clear-text password and replace this placeholder with the secret provided by Agenix. | |||
In the following example, the Dex module creates the config file <code>/run/dex/config.yaml</code> containing the placeholder string <code>@dex-user-password@</code>. The acitvation script will read the Agenix secret from <code>config.age.secret.dex-user-password.path</code> and replace the placeholder string with the actual secret. | |||
<syntaxhighlight lang="nix"> | |||
system.activationScripts."dex-user-secret" = '' | |||
secret=$(cat "${config.age.secrets.dex-user-password.path}") | |||
configFile=/run/dex/config.yaml | |||
${pkgs.gnused}/bin/sed -i "s#@dex-user-password@#$secret#" "$configFile" | |||
''; | |||
</syntaxhighlight> | |||
== See also == | == See also == |
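Review bot: In the activation script, `$secret` is spliced unescaped into the sed expression `s#@dex-user-password@#$secret#`. A password containing `#`, `&`, `\` or a newline will either make sed fail or be written to `/run/dex/config.yaml` in altered form, and the clear-text value becomes part of sed's command line for as long as the process runs. Suggest either escaping the replacement text before the substitution, or using a tool that reads the secret from the file itself and treats it literally; nixpkgs has `replace-secret` for this, which takes the placeholder, the secret file and the target file as arguments. The page should also note that the resulting config file now holds the secret, so its mode and owner matter as much as those of the Agenix path. Smaller points in the added prose: the text refers to `config.age.secret.dex-user-password.path` while the script uses `config.age.secrets.dex-user-password.path`, "acitvation" should be "activation", "modules which doesn't" should be "modules which don't", and the heading would read better as "Replace in-place strings with secrets".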