[Nix-dev] NixOps - secret/credentials management

[Peter Simons]

Hi Oliver,

 > One option is to introduce these credentials as parameters to your network
 > evaluation:
 >
 > { secretCertificate }:
 > {
 >   web = { ... } : ...
 > }
 >
 > Then you will need to set this parameter when you do deployments in order to
 > evaluate the network expression and perform deployments.

I am sorry if I'm missing something terribly obvious, but I wonder how
that helps getting the secret onto the deployed machines without having
it added to the Nix store? You cannot say something to the effect of
"store that information in /etc/my-secret" without going through a Nix
derivation somewhere, can you?

Best regards,
Peter