!XLCFfvFhUkYwOMLbVx:nixos.org

agenix

age-encrypted secrets for NixOS https://github.com/ryantm/agenix/



13 Jan 2024
@xxxcrow:matrix.org n3v3r_a9a1n
I'm currently using sops-nix for managing secrets
And i've got a yubikey
But i can't find any documentation for sops, so i started looking into other options
What is like the best option to manage secrets on nixos with a yubikey? 😅
07:40:25
14 Jan 2024
@happyalu:matrix.org Alok Parlikar
In reply to @xxxcrow:matrix.org
I'm currently using sops-nix for managing secrets
And i've got a yubikey
But i can't find any documentation for sops, so i started looking into other options
What is like the best option to manage secrets on nixos with a yubikey? 😅
I was using git-crypt with yubikey before, and just switched to sops-nix.
16:03:13
@xxxcrow:matrix.org n3v3r_a9a1n
In reply to @happyalu:matrix.org
I was using git-crypt with yubikey before, and just switched to sops-nix.
Is yubikey working for you right now?
If yes, can you show me the way to do this, please, i can't find clues 💀
17:36:32
@oddlama:matrix.org oddlama
Do you want to use your yubikey to decrypt on system activation, or do you want to use it to store encrypted secrets in your repository which are then rekeyed for the host before deploying?
21:02:08
15 Jan 2024
@xxxcrow:matrix.org n3v3r_a9a1n
In reply to @oddlama:matrix.org
Do you want to use your yubikey to decrypt on system activation, or do you want to use it to store encrypted secrets in your repository which are then rekeyed for the host before deploying?
First!
The second one i just don't understand 😅
02:31:47
@happyalu:matrix.org Alok Parlikar
In reply to @xxxcrow:matrix.org
Is yubikey working for you right now?
If yes, can you show me the way to do this, please, i can't find clues 💀

I'm using gpg on my yubikey to encrypt secrets in the repo. sops-nix decrypts them at system activation. Yubikey is not (needed to be) present during the activation. Not sure if that matches with what you are trying to do.

I found these resources helpful:

  1. create ECC based gpg key. https://illuad.fr/2020/10/06/build-an-openpgp-key-based-on-ecc.html
  2. add the key to yubikey. https://illuad.fr/2020/10/07/store-openpgp-keys-on-a-yubikey.html

After that I just followed the sops-nix readme to add my gpg key fingerprint to the .sops.yaml file.

04:52:19


