Agenix: Difference between revisions
imported>Dafitt Alternate way to access secrets inside container |
configuration to support agenix with impermanence |
| Line 172: | Line 172: | ||
For this workaround you'll have to rebuild twice and reference the secret <code>/etc/initrd-hostkey</code> only after the file is created. | For this workaround you'll have to rebuild twice and reference the secret <code>/etc/initrd-hostkey</code> only after the file is created. | ||
=== Agenix with Impermanence === | |||
If your system is configured to be [[Impermanence|impermanent]], then it's possible the system's ssh keys won't yet be available during boot to decrypt secrets. The solution is to manually set <code>age.identityPaths</code> to the persistent paths of your keys. | |||
<syntaxhighlight lang="nix"> | |||
# Direct path to persistent location of system ssh keys | |||
age.identityPaths = [ | |||
"/persist/etc/ssh/ssh_host_ed25519_key" | |||
"/persist/etc/ssh/ssh_host_rsa_key" | |||
]; | |||
</syntaxhighlight> | |||
== See also == | == See also == | ||
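Review bot: the added <code>age.identityPaths</code> example hard-codes the <code>/persist</code> prefix, while the sentence above it only says "the persistent paths of your keys". State explicitly that <code>/persist</code> stands for the reader's own persistent mount point and must be adjusted. Also state that this location has to be mounted by the time secrets are decrypted during boot, since otherwise the missing-key problem the section describes remains. As a style point, "ssh" in the prose and in the code comment would read better as "SSH".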