1 Jul 2025 |
zororg | Note, I mean to say this only for my personal desktop NixOS usage.
I'm no devops engineer, nor do I work with remote/kube/docker for CI/CD or deployment work | 14:57:35 |
K900 | GPG is terrible | 15:19:09 |
K900 | Don't use GPG | 15:19:10 |
zororg | Ah, Cool.
I don't want to waste your time much.
But may I know how?
I mean, how can I replace them by using age+sops or agenix?
cause I was trying to read as much as I could. I barely found 2-3 articles and some discussions | 15:21:00 |
K900 | What problem are you trying to solve | 15:21:10 |
K900 | And why | 15:21:12 |
zororg | Actually no problem as of now.
I was trying to set up a new NixOS system, and thought to set up ssh and gpg. And then stumbled on the declarative way of doing secrets via sops-nix or agenix.
Since then I don't know what the best setup I can do is | 15:22:10 |
zororg | My main use cases are: Normal desktop, git ssh pushes, managing passwords | 15:22:44 |
K900 | Just get a yubikey and a password manager | 15:22:56 |
zororg | yubikey is not an option for me. | 15:23:55 |
K900 | Why? | 15:24:07 |
zororg | I use keepassxc. Although my question would be: can sops+age replace gpg and keepass for me? | 15:24:27 |
zororg | expensive, and I don't have real usage for it for now. | 15:24:40 |
K900 | No | 15:24:53 |
zororg | * expensive, and I don't have real usage for it for now. Maybe when I have too many setups and machines (one day...) | 15:24:54 |
K900 | sops/age are the wrong tool for this | 15:24:59 |
K900 | Entirely | 15:25:00 |
K900 | And keepassxc has an SSH agent | 15:25:08 |
K900 | So just keep using that | 15:25:10 |
zororg | Then the only use of them is in deployment? | 15:25:17 |
K900 | Yes | 15:25:25 |
zororg | ah, that's the conclusion I came to as well.
Simply use gnupg and keepass, right? | 15:26:11 |
K900 | No gnupg | 15:26:25 |
K900 | Just use keepass | 15:26:27 |
zororg | then file encryption, git signing? | 15:26:50 |
K900 | SSH signatures for git if you really want to | 15:27:25 |
K900 | Though it's fine to just not | 15:27:28 |
K900 | age for encrypting files if you really need something public key based | 15:27:41 |
K900 | But honestly that's not a thing you generally want | 15:27:52 |
zororg | sounds sensible. | 15:28:11 |