Comparison of secret managing schemes: Difference between revisions
add two opnix projects |
→Comparison: migrate changes from old wiki |
||
| Line 76: | Line 76: | ||
| yes | | yes | ||
| no | | no | ||
|- | |||
| [https://github.com/oddlama/agenix-rekey agenix-rekey] | |||
| extended agenix | |||
| | | | ||
| encrypted | |||
| decryption with the host ssh key | |||
| unencrypted in {{ic|/run/secrets/...}} or configured path | |||
| use with agenix, provides more convenience | |||
| yes | |||
| no | |||
|- | |||
| [https://github.com/yaxitech/ragenix ragenix] | |||
| encrypted raw files, {{ic|ragenix}} CLI encrypts with the user and host ssh key | |||
| | |||
| encrypted | |||
| decryption with the host ssh key | |||
| unencrypted in {{ic|/run/secrets/...}} or configured path | |||
| drop-in replacement of agenix, written in rust and based on age crate | |||
| yes | |||
| no | |||
|- | |- | ||
| [https://github.com/Mic92/sops-nix sops-nix] | | [https://github.com/Mic92/sops-nix sops-nix] | ||
| Line 121: | Line 140: | ||
| no | | no | ||
| Focuses on trying to keep secrets decrypted for a minimal amount of time | | Focuses on trying to keep secrets decrypted for a minimal amount of time | ||
|- | |||
| [https://github.com/milieuim/vaultix vaultix] | |||
| encrypted raw files like agenix | |||
| | |||
| encrypted | |||
| decryption with the host ssh key | |||
| unencrypted in specific paths | |||
| powered by [https://docs.rs/age/latest/age/ {{ic|rust age crate}}] | |||
| yes | |||
| yes | |||
|- | |- | ||
|[https://github.com/brizzbuzz/opnix brizzbuzz/opnix] | |[https://github.com/brizzbuzz/opnix brizzbuzz/opnix] | ||