Comparison of secret managing schemes: Difference between revisions
recommend agenix and sops-nix before getting into the nitty-gritty details. |
mNo edit summary |
||
| Line 175: | Line 175: | ||
| The referenced NixOS Discourse discussion is about a signing key that is only needed during build time and should not be stored in the nix store at all. | | The referenced NixOS Discourse discussion is about a signing key that is only needed during build time and should not be stored in the nix store at all. | ||
|- | |- | ||
| [https://mrvandalo.github.io/nixos-artifacts/nixos-artifacts/latest/ nixos-artifacts] | |||
| depends on backend | |||
| artifacts cli is needed most of the time, but built-time depends on chosen backends | |||
| depends on backend | |||
| depends on backend | |||
| depends on backend | |||
| depends on backend | |||
| Yes | |||
| No (but planed) | |||
| Backend agnostic secret manager. Unified secret definition and backend configuration managed differently from another. | |||
|- | |||
! Scheme | ! Scheme | ||
! Pre-build | ! Pre-build | ||