Comparison of secret managing schemes: Difference between revisions
Revision by imported>Lucc (put in some info)
Revision by imported>Lucc
Line 23:
; scheme
: the name of the scheme, if possible a link to the official website or source, maybe a short description
; pre-build
: Where does the secret reside before the configuration is built? In a file, in a nix expression, in an external database (password manager)? Is it encrypted?
; build time
: What happens at build time? Is the secret decrypted or encrypted, and which master passwords, passphrases or helper programs are needed?
; in the store (on disk)
: Is the data stored in {{ic|/nix/store}} after the build? Is it encrypted? This has implications for reproducibility: if a secret is not stored in the nix store it might be more difficult to recreate an old system configuration.
; system activation
: What happens to the data at system activation, that is at boot time or when {{ic|nixos-rebuild switch}} or {{ic|--rollback}} is executed?
; runtime
: Where does the secret reside after system activation? Is it encrypted? Who can read it?
; "official" project
: whether this is a published software project (maybe even actively developed) or just some notes in a forum or a blog entry
TODO: more (when the table takes shape)
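The "in the store (on disk)" and "runtime" columns both come down to one question: who can read the file? Everything under {{ic|/nix/store}} is readable by every local user, so a plaintext secret there is exposed regardless of what the scheme does at runtime. The following shell function is an added example (not from this wiki page and not part of any scheme the table will list) that classifies a single file along those two columns. It assumes the store root is {{ic|/nix/store}} unless a second argument overrides it, and it does not follow a symlink that points into the store.

```shell
#!/bin/sh
# Added example, not part of the wiki page or of any secret-managing scheme.
# Classifies one file for the "in the store (on disk)" and "runtime" columns:
# a path under the store root is readable by every local user by design,
# and a runtime path should not carry the "other read" bit either.
# Assumption: the store root is /nix/store unless a second argument is given.

# check_secret_placement FILE [STORE_ROOT]
# Return codes: 0 = outside the store and not world-readable
#               1 = inside the store (world-readable by design)
#               2 = outside the store but world-readable
#               3 = file does not exist
check_secret_placement() {
    file=$1
    store_root=${2:-/nix/store}
    [ -e "$file" ] || { echo "$file: does not exist"; return 3; }

    # Resolve both paths physically so symlinked directories compare equally.
    # Note: a symlink that itself points into the store is not followed here.
    real_dir=$(cd "$(dirname "$file")" && pwd -P)
    real_file=$real_dir/$(basename "$file")
    real_store=$(cd "$store_root" 2>/dev/null && pwd -P) || real_store=$store_root

    case $real_file in
        "$real_store"/*)
            echo "$real_file: inside $real_store, readable by every local user"
            return 1 ;;
    esac

    # Character 8 of `ls -ld` output is the "other read" bit (e.g. -rw-r--r--).
    other_read=$(ls -ld "$real_file" | cut -c8)
    if [ "$other_read" = "r" ]; then
        echo "$real_file: world-readable (mode should drop o+r)"
        return 2
    fi
    echo "$real_file: not in the store and not world-readable"
    return 0
}

# Usage: check_secret_placement /run/secrets/example.key
# Usage: check_secret_placement /nix/store/<hash>-example.key   # returns 1
```

Run it against each location a scheme writes to (store path, activation target, runtime path) to fill the corresponding table cells; return code 1 or 2 means the secret is readable by any local user at that stage.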