26 Apr 2025 |
K900 | You add it as an argument | 07:07:15 |
mmkaram | okaaaay, and I can access the path from that I think, config.age.secrets.whatever.path | 07:11:33 |
mmkaram | how would I get what's actually in the value | 07:11:51 |
mmkaram | builtins.readFile? | 07:11:56 |
K900 | That would entirely break the security model of agenix | 07:12:22 |
mmkaram | right yeah that makes sense | 07:12:35 |
K900 | The whole point of agenix is that your secrets are never visible at eval time | 07:12:36 |
mmkaram | realized that after I wrote that message | 07:12:59 |
mmkaram | how do most people go about reading the value | 07:13:08 |
K900 | You don't | 07:13:12 |
K900 | You need the application to read that file at runtime | 07:13:20 |
K900 | Somehow | 07:13:26 |
K900 | How exactly depends on the application | 07:13:34 |
mmkaram | interesting | 07:14:31 |
@r522:matrix.org | generally speaking, services that handle secrets will let you pass them as a file (as in, you enter the filename) like my listenbrainz-mpd config
services.listenbrainz-mpd = {
  enable = true;
  settings = {
    submission = {
      token_file = config.age.secrets.listenbrainz-mpd-token.path;
    };
  };
};
| 20:21:58 |
tebriel | and sometimes they don't and you have to bend over backwards to find a way to inject them in another manner! (I feel icky about this script I wrote)
xdg.configFile."mcphub/servers.json" = {
  source = jsonFormat.generate "servers.json" {
    mcpServers = {
      github-mcp = {
        command = lib.getExe (
          pkgs.writeShellApplication {
            name = "github-mcp-server";
            runtimeInputs = [pkgs-unstable.github-mcp-server];
            text = ''
              GITHUB_PERSONAL_ACCESS_TOKEN=$(cat ${osConfig.age.secrets."github-mcp-token".path})
              export GITHUB_PERSONAL_ACCESS_TOKEN
              ${lib.getExe pkgs-unstable.github-mcp-server} "$@"
            '';
          }
        );
        args = ["stdio"];
        env = {};
      };
    };
  };
};
| 20:41:54 |
3 May 2025 |
harm94 | I have this error and I don't understand it. Is there anybody who can help me?
[harm@aio:~/projects/nixos/secrets]$ cat secrets.nix
let
  aio = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG0/2T/L1gv2z0pNG7qZqmYxkHN8vMI77NVjvXUM/jFk";
  laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFBEV2FKHC4sP0brw8xqSHY5A6HXrwYGysYjCX4A9y2/";
  systems = [ aio laptop ];
in
{
  "openai_api_key.age".publicKeys = systems;
}
[harm@aio:~/projects/nixos/secrets]$ agenix -v -e openai_api_key.age
Error:
   0: Failed to find config root
Location:
   src/cli.rs:216
| 09:37:41 |
harm94 | It was because I had installed agenix from unstable. Now it works.
# unstable.agenix-cli
(pkgs.callPackage <agenix/pkgs/agenix.nix> {})
| 09:56:59 |