Comparison of secret managing schemes: Difference between revisions
imported>Ryantm No edit summary |
imported>Ryantm No edit summary |
||
| Line 57: | Line 57: | ||
| no, stored outside of the store (TODO more info) | | no, stored outside of the store (TODO more info) | ||
| ''N/A'' the user has to run {{ic|nixops | | ''N/A'' the user has to run {{ic|nixops | ||
send-keys}} to create these files after a reboot (not required after every reboot if | send-keys}} to create these files after a reboot (not required after every reboot if destDir is persistent storage) | ||
| unencrypted in {{ic|/run/keys/...} or | | unencrypted in {{ic|/run/keys/...} or destDir | ||
| yes | | yes | ||
| "out of band", secret management happens outside of {{ic|nixos-rebuild}} | | "out of band", secret management happens outside of {{ic|nixos-rebuild}} | ||