Agenix: Difference between revisions
imported>Onny mNo edit summary |
imported>Onny Add example sourcing files |
||
Line 90: | Line 90: | ||
Here, the service [[Nextcloud]] requires a password for the administrator account. In this case, the password is stored in an age-encrypted file, so no plaintext passwords will be copied into your world-readable Nix-store. We configure <code>owner</code> and <code>group</code> names to <code>nextcloud</code> so that the webservice has the permissions to read the password wile. | Here, the service [[Nextcloud]] requires a password for the administrator account. In this case, the password is stored in an age-encrypted file, so no plaintext passwords will be copied into your world-readable Nix-store. We configure <code>owner</code> and <code>group</code> names to <code>nextcloud</code> so that the webservice has the permissions to read the password wile. | ||
Secrets can be also deployed as file with specific permissions to a target path. In this example the secret is sourced to <code>/home/myuser/.netrc<code> and permissions are set that only <code>myuser</code> is able to read and write the file | |||
<syntaxhighlight lang="nix"> | |||
age.secrets = { | |||
netrc = { | |||
file = ./secrets/netrc.age; | |||
path = "/home/myuser/.netrc"; | |||
owner = "myuser"; | |||
group = "users"; | |||
mode = "600"; | |||
}; | |||
}; | |||
</syntaxhighlight> | |||
== See also == | == See also == |
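Review bot: In the added sentence, the tag after /home/myuser/.netrc is a second opening <code> instead of </code>, so the element is never closed and the rest of the paragraph will render as code; it should read <code>/home/myuser/.netrc</code>. The same sentence is missing its final period, and "sourced to" would be clearer as "written to" or "deployed to", since the example sets a target path. With mode = "600", the group = "users" line grants the group no access, so either say that in the text or drop it from the example to avoid suggesting the group matters here. The unchanged context line above still reads "password wile" for "password file" and could be corrected in the same edit.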