[Nix-dev] NixOps - secret/credentials management
Oliver Charles
ollie at ocharles.org.uk
Thu May 12 11:00:54 CEST 2016
You're right! I didn't entirely think that one through, shouldn't reply to
emails before my morning cup of coffee ;)
Ollie
On Thu, May 12, 2016 at 9:48 AM Peter Simons <simons at nospf.cryp.to> wrote:
> Hi Oliver,
>
> > One option is to introduce these credentials as parameters to your
> network
> > evaluation:
> >
> > { secretCertificate }:
> > {
> > web = { ... } : ...
> > }
> >
> > Then you will need to set this parameter when you do deployments in
> order to
> > evaluate the network expression and perform deployments.
>
> I am sorry if I'm missing something terribly obvious, but I wonder how
> that helps getting the secret onto the deployed machines without having
> it added to the Nix store? You cannot say something to the effect of
> "store that information in /etc/my-secret" without going through a Nix
> derivation somewhere, can you?
>
> Best regards,
> Peter
>
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160512/d12d8a02/attachment.html
More information about the nix-dev
mailing list