| 21 Dec 2025 |
Acid Bong | In reply to @jakehamilton:auxolotl.org: "Ah I don't, I am not a fan of agenix and other existing secret solutions due to the manual work required :(" what kinda manual work? is it about setting up ssh host keys on a new machine to decrypt the secrets? | 13:49:40 |
jakehamilton | In reply to @acidbong:envs.net: "what kinda manual work? is it about setting up ssh host keys on a new machine to decrypt the secrets?" Rekeying, managing keys for different machines, etc. There are still quite a few manual steps which I feel like shouldn't be necessary. | 13:52:18 |
jakehamilton | Plus the issue of secrets being checked into git (even if encrypted). I think we can do better than that as well. | 13:53:04 |
tc424 (Steve D) | Added npins add container, which allows pinning OCI containers
Ooooooooh ... | 13:54:11 |
jakehamilton | In reply to @srtcd424:auxolotl.org: "Added npins add container, which allows pinning OCI containers
Ooooooooh ..." I wonder if this is specific to container images or if any artifact on an OCI registry can be pinned this way. Helm charts, for example! | 13:56:32 |
tc424 (Steve D) | I'm currently skimming it - https://github.com/andir/npins/pull/145/files | 13:57:04 |
jakehamilton | In reply to @srtcd424:auxolotl.org: "I'm currently skimming it - https://github.com/andir/npins/pull/145/files" Same, seems to call out to nix-prefetch-docker | 13:57:49 |
jakehamilton | https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/docker/nix-prefetch-docker | 13:58:09 |
tc424 (Steve D) | yeah, which is something else I didn't know existed :) | 13:59:29 |