Sops
For more information on how to use this module, see the Sops NixOS module documentation.
For extensive documentation, read the Readme on GitHub.
View the nix-core Home Manager module on GitHub.
1. Generate an age key
Take note of your public key. You can print it again with:
age-keygen -y ~/.config/sops/age/keys.txt
2. Edit .sops.yaml
This file manages access to all secrets in this repository (NixOS and Home Manager configurations).
Add your public key under keys and set creation rules for your config:
keys:
  - &you age12zlz6lvcdk6eqaewfylg35w0syh58sm7gh53q5vvn7hd7c6nngyseftjxl
creation_rules:
  - path_regex: users/you/home/secrets/secrets.yaml$
    key_groups:
      - age:
          - *you
3. Create a secrets directory
This directory in your Home Manager configuration will hold your secrets and sops configuration.
4. Create a sops file
A sops file contains your secrets in plain text. The file is then encrypted with age. Make sure its path matches the path_regex in the creation rules.
# Files must always have a string value
example-key: example-value
# Nesting the key results in the creation of directories.
myservice:
  my_subdir:
    my_secret: password1
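A check to run before committing the file from step 4, added here as an example (it is not part of nix-core or sops): it confirms that the file's path is matched by a creation rule and that no value was left in plain text. The sample inputs are constructed, the function names are hypothetical, and Python's re module stands in for the Go regular expressions sops uses.

```python
import re

# Constructed samples: the rule and the plaintext file mirror the ones above;
# the ENC[...] values and the sops: block are placeholders, not real ciphertext.
SOPS_YAML = """\
creation_rules:
  - path_regex: users/you/home/secrets/secrets.yaml$
"""
PLAIN = """\
# Files must always have a string value
example-key: example-value
myservice:
  my_subdir:
    my_secret: password1
"""
ENCRYPTED = """\
example-key: ENC[AES256_GCM,data:PLACEHOLDER,iv:PLACEHOLDER,tag:PLACEHOLDER,type:str]
myservice:
  my_subdir:
    my_secret: ENC[AES256_GCM,data:PLACEHOLDER,iv:PLACEHOLDER,tag:PLACEHOLDER,type:str]
sops:
  mac: ENC[AES256_GCM,data:PLACEHOLDER,iv:PLACEHOLDER,tag:PLACEHOLDER,type:str]
"""

def matching_rule(sops_yaml, path):
    """Return the first path_regex that matches path (unanchored search), else None."""
    for rx in re.findall(r"^\s*-?\s*path_regex:\s*(\S+)\s*$", sops_yaml, re.M):
        if re.search(rx.strip("'\""), path):
            return rx
    return None

def plaintext_leaves(text):
    """List keys outside the sops: metadata block whose value is not ENC[...]."""
    leaks, in_meta = [], False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # a new top-level key starts here
            in_meta = line.startswith("sops:")
        m = re.match(r"\s*(?:-\s+)?([^:]+):\s*(.*)$", line)
        if m and not in_meta and m.group(2) and not m.group(2).startswith("ENC["):
            leaks.append(m.group(1).strip())
    return leaks

def safe_to_commit(text):
    """True only if sops metadata is present and no plaintext value remains."""
    return re.search(r"^sops:", text, re.M) is not None and not plaintext_leaves(text)

if __name__ == "__main__":
    print(matching_rule(SOPS_YAML, "users/you/home/secrets/secrets.yaml"), plaintext_leaves(PLAIN))
```

The dots in the path_regex above are unescaped, so they match any character; the rule still only applies to paths ending in the expected file name pattern.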
5. Deploy the secrets to the Nix store
Define your secrets under sops.secrets.
6. Reference secrets in your Home Manager configuration
Now you can use these secrets in your Home Manager configuration: