| 3 Feb 2025 |
|  cameronraysmith joined the room. | 05:06:26 |
|  Gus joined the room. | 06:05:32 |
| Gus | Anyone have good patterns for decrypting "secrets" for eval-time configuration? E.g. I want to set services.caddy.virtualHosts.foo.hostName = "foo.${myTailnet}". I don't care about myTailnet being in the nix store but I would prefer that it's not plaintext in my git repo | 06:13:21 |
| Gus | I saw that maybe scalpel can solve this? | 06:13:42 |
| Gus | wondering if there is a straightforward way that people recommend :) | 06:14:03 |
| 9 Feb 2025 |
 LordKekz | Nix doesn't have eval-time secrets. But if you just want to avoid putting some variables in a public repo, you can make a separate private repo on your git forge of choice and add it as a flake input.
You will then need to provide credentials to the private repo, e.g. via ~/.config/nix/nix.conf. | 22:21:01 |
 Alexandros Liarokapis | Redacted or Malformed Event | 23:23:30 |
| Alexandros Liarokapis | * If doing that be careful if you are in a multi-user setup | 23:23:40 |
| 11 Feb 2025 |
|  @lunchtime:envs.net left the room. | 19:07:58 |
| 14 Feb 2025 |
|  rane [they/them] joined the room. | 11:29:46 |
| 15 Feb 2025 |
|  BenjB83 joined the room. | 10:15:18 |
| BenjB83 changed their display name from BenjamÃn Buske to BenjB83. | 10:42:58 |
| 16 Feb 2025 |
 Waldemar Tomme (they/them) | Hi, I hope somebody here might be able to help me even though it might be slightly off-topic:
I just configured agenix-rekey for my secret management together with my yubikey. Everythings works, but I don't know whether my identity file is correct like this:
# Serial: XXXXXXXX, Slot: 1
# Name: age identity XXXXXXXX
# Created: Fri, 08 Nov 2024 18:38:59 +0000
# PIN policy: Never (A PIN is NOT required to decrypt)
# Touch policy: Cached (A physical touch is required for decryption, and is cached for 15 seconds)
# Recipient: age1yubikeyXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
AGE-PLUGIN-YUBIKEY-XXXXXXXXXXXXXXXXXXXXXX
As far as I understood this only contains public key information and is save to be committed (in theory publicly). If not how do I split the public and private part?
| 17:52:58 |
| Waldemar Tomme (they/them) | Well, as so often the case I found the answer/explanation. For anyone else interested in the future: https://github.com/str4d/age-plugin-yubikey/issues/179 | 19:05:30 |
