Comparison of secret managing schemes: Difference between revisions
m →Comparison: fix table |
recommend agenix and sops-nix before getting into the nitty-gritty details. |
||
| Line 4: | Line 4: | ||
While this paradigm is still available to NixOS users, a Nix-managed system is in an unique position to leverage <b>secret managing schemes</b>: special software capable of deploying secret information securely. Instead of writing the secret information unencrypted to a NixOS configuration, the software described below can decrypt the relevant secrets and deploy them at various stages of the NixOS system deployment process. This advanced form of secrets configuration is even more important for NixOS configurations tracked with Git or [[Flakes]], as one will be able to store these encrypted secrets in the Git repository and still be able to upload the repository on the public Internet. | While this paradigm is still available to NixOS users, a Nix-managed system is in an unique position to leverage <b>secret managing schemes</b>: special software capable of deploying secret information securely. Instead of writing the secret information unencrypted to a NixOS configuration, the software described below can decrypt the relevant secrets and deploy them at various stages of the NixOS system deployment process. This advanced form of secrets configuration is even more important for NixOS configurations tracked with Git or [[Flakes]], as one will be able to store these encrypted secrets in the Git repository and still be able to upload the repository on the public Internet. | ||
The most popular options for secrets management are [[Agenix]], [https://github.com/Mic92/sops-nix sops-nix] or the secrets management solution native to the deployment tool you chose. Below follows a more in-depth comparison including less well-known solutions. | |||
== Definitions == | == Definitions == | ||
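Review bot: The added sentence under "Line 4:" lists "the secrets management solution native to the deployment tool you chose" as a third popular option but names no tool. It also does not say whether such solutions share the property the preceding paragraph relies on, namely that secrets stay encrypted in the Git repository so it can be published. Either name the tools meant or point the reader to the comparison below for that property, so the recommendation is not read as equivalent to Agenix and sops-nix by default. Two smaller points on the same line: "most popular" is stated without a basis while the edit summary says "recommend", so pick one framing and word the sentence to match; and "Agenix, sops-nix or ..." reads better as "Agenix, sops-nix, and ..." since the sentence enumerates options rather than alternatives.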