Anonymous user
Comparison of secret managing schemes: Difference between revisions
Comparison of secret managing schemes (view source)
Revision as of 02:22, 26 March 2021
, 26 March 2021no edit summary
imported>Ryantm No edit summary |
imported>Ryantm No edit summary |
||
| Line 58: | Line 58: | ||
| ''N/A'' the user has to run {{ic|nixops | | ''N/A'' the user has to run {{ic|nixops | ||
send-keys}} to create these files after a reboot (not required after every reboot if destDir is persistent storage) | send-keys}} to create these files after a reboot (not required after every reboot if destDir is persistent storage) | ||
| unencrypted in {{ic|/run/keys/...} or | | unencrypted in {{ic|/run/keys/...}} or configured path | ||
| yes | | yes | ||
| "out of band", secret management happens outside of {{ic|nixos-rebuild}} | | "out of band", secret management happens outside of {{ic|nixos-rebuild}} | ||
|- | |- | ||
| [https://github.com/ryantm/agenix agenix] | | [https://github.com/ryantm/agenix agenix] | ||
| | | {{ic|agenix}} CLI encrypts with the user and host ssh key | ||
| | | | ||
| encrypted | | encrypted | ||