Comparison of secret managing schemes: Difference between revisions
imported>Lucc |
imported>Lucc |
||
Line 132: | Line 132: | ||
| | | | ||
| | | | ||
| uses [https://www.passwordstore.org/ the password store] (aka {{ic|pass}}) which | | uses [https://www.passwordstore.org/ the password store] (aka {{ic|pass}}) which uses gpg | ||
uses gpg | |||
| no | | no | ||
| | | | ||
Line 139: | Line 138: | ||
| {{ic|builtins.readfile}} | | {{ic|builtins.readfile}} | ||
{{ic|builtins.exec}} | {{ic|builtins.exec}} | ||
discussion | discussion [https://discourse.nixos.org/t/using-an-external-secret-file-in-a-nix-sandboxed-build/3274 on discourse] about build time secrets | ||
[https://discourse.nixos.org/t/using-an-external-secret-file-in-a-nix-sandboxed-build/3274 on discourse] | | {{ic|builtins.readfile}} can read any file, {{ic|builtins.exec}} can execute commands and thus query any kind of database or password manager etc. | ||
about build time secrets | |||
| {{ic|builtins.readfile}} can read any file, {{ic|builtins.exec}} can execute commands and thus query any kind of database or | |||
| these functions return values in a nix expression, it is up to the user what happens to these values in {{ic|configuration.nix}} | | these functions return values in a nix expression, it is up to the user what happens to these values in {{ic|configuration.nix}} | ||
| see "build time" | | see "build time" |
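Review bot: The builtin is written {{ic|builtins.readfile}} in both the name cell and the description cell of this row, but the Nix builtin is spelled {{ic|builtins.readFile}}; since the row is being touched anyway, fix the casing so the name can be copied as is. The cell "it is up to the user what happens to these values in {{ic|configuration.nix}}" also leaves the security outcome open; consider saying in that cell what becomes of a secret once it is a value in the expression, so the row can be compared with the other schemes in the table.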