[Nix-dev] NixOps - merge config files
4levels
4levels at gmail.com
Thu Jun 9 17:03:29 CEST 2016
Hi Kevin,
I'm very curious how you setup sensitive information using deployment.keys
This still seems like the best option to do this, but I failed to get it
working..
Could you be so kind to post a small example, showing how you define the
keys and use them in functions that generate eg. a config file?
Kind regards,
Erik
On Thu, Jun 9, 2016 at 4:30 PM Kevin Cox <kevincox at kevincox.ca> wrote:
> On 09/06/16 10:21, 4levels wrote:
> > Hi Nix Devs,
> >
> > I've tried using the deployment.keys but that seems to be only there for
> > user accounts and not for custom configurations. As I need multiple
> > keys for each platform (eg. symfony, wordpress - cipher, key, database
> > password, admin user password etc etc) it seems that deployment.keys
> > will not work for this purpose.
> >
>
> I don't know what you mean by "only there for user accounts". I use
> deployment.keys for most of the things you describe and it works fine.
>
> > I'm now resorting to using builtins.readFile and creating separate files
> > for the passwords in a folder I can then encrypt with git-crypt.
> > This way I'm also able to use conflicting nix characters in the
> > passwords as well.
>
> This seems like a different issue. Are you talking about keeping the
> keys private in the configuration or on the server (or both)?
>
> Although for keeping the keys private in the config I use git-crypt as
> well. I have a directory called "secrets" that I store the files in.
> Some I keep as text files and read using `builtins.readFile` and some I
> leave as nix expressions and simply import them.
>
> >
> > As a last question here I was wondering if there's a way to strip
> > trailing newlines when reading files with builtins.readFile as my IDE
> > keeps adding a newline at the end of each file when saving. I'll post a
> > new message here for this request as this is not relevant in this topic
> >
>
> Text files have newlines at the end 😉
>
> You can use lib.removeSuffix to drop that newline if it's a problem.
>
> Hope that helps, Kevin
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160609/f35be534/attachment-0001.html>
More information about the nix-dev
mailing list