Sender | Message | Time |
---|---|---|
12 Sep 2024 | ||
ok let me see if I can figure that out | 04:20:08 | |
agenix -e somefile.age <<< mywallpaper.jpg | 07:01:42 | |
? | 07:01:43 | |
goodlander: tagging you in case you don't get notifications. Might work. :) | 07:21:39 | |
In reply to @eyjhb:eyjhb.dk: This just encrypted the string "mywallpaper.jpg", however this did appear to work: cat mywallpaper.jpg | agenix -e somefile.age | 15:26:59 | |
Eh, I guess I fucked my brackets up. Thought I would be cool with my <<< :D Glad it worked out however. | 15:40:59 | |
Now that I'm trying to do a rebuild I get this: error: access to absolute path '/run/agenix/mywallpaper' is forbidden in pure eval mode (use '--impure' to override) | 18:56:59 | |
13 Sep 2024 | ||
Sounds like you're using the path as a file as the input to some builder. You should only use it as a string. | 00:57:24 | |
hello is it fine to store encrypted secrets on a public github repo? | 14:22:51 | |
Yes | 14:36:58 | |
Depends on your threat model. | 14:49:27 | |
14 Sep 2024 | ||
15 Sep 2024 | ||
Surely I'll not be the first one to do this. I have an existing setup of gpg keys, that I have backed up in various places. I would like to use my gpg keys w/ agenix, in case I lose my ssh key. So, my thinking is to generate an age key, encrypt that with my gpg key, and place it inside the repo. So in case I fuck something up, I can always decrypt it, and get access to my secrets. Does this sound 100% idiotic? Am I missing something? | 10:42:49 | |
I don't think that sounds completely insane but also yuck | 10:46:19 | |
Perfect, that's just what I was going for. | 10:47:23 | |
I looked into using sops-nix, as I could use my gpg key there, but it feels very complex compared to what I need. agenix is just very very KISS in that regard. The only other thing I considered was adding an age key to my yubikey, but then I would need to have N times age secrets to manage. | 10:48:31 | |
But granted, managing GPG keys is usually quite yuck. | 10:48:45 | |
In reply to @ryantm:matrix.org: I guess this would require you to touch the file first, maybe? | 12:16:04 | |
Because you can't edit a file which does not exist. Or rather, when you do agenix -e somefile.age, it will try to find the file in the secrets.nix file, and THEN IF it is in there, you can edit it. Otherwise you get an "attribute missing" error. | 12:20:10 | |
16 Sep 2024 | ||
17 Sep 2024 | ||
hihihi, i am switching a ton of my stuff over to agenix. quick question though. How can I properly use a nix file as a secret? For instance, I have a wifi-passwords.nix, with declarations for each network and such. And I import it and such. But the thing is that I have to build my system, restart agenix, make sure the secret is there, and then uncomment the part referencing the secret. Is there a better way of doing this? There are some options that just require an actual string, not a file. I'm doing the best I can :( | 02:48:47 | |
You could just use git-crypt or something for those | 04:53:37 | |
Since you're doing impure anyway | 04:53:41 |