Sops

Atomic secret provisioning for NixOS based on sops.

View the nix-core NixOS module on GitHub.

References

Config

flake.nix

inputs = {
  sops-nix.url = "github:Mic92/sops-nix";
  sops-nix.inputs.nixpkgs.follows = "nixpkgs";
};

Setup

Generate an age public key for your host from its SSH host key:

nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'

Then, add it to .sops.yaml.
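
A .sops.yaml that registers the host key could look like the following. This is an added example, not taken from the nix-core documentation; the anchor names, the placeholder age keys and the secrets/ path are assumptions to adapt to your repository.

```yaml
# .sops.yaml (example; all names and keys below are placeholders)
keys:
  # Admin key used to edit secrets from a workstation (assumed to exist already)
  - &admin_example age1REPLACE_WITH_ADMIN_PUBLIC_KEY
  # Output of the ssh-to-age command above for this host
  - &host_example age1REPLACE_WITH_HOST_PUBLIC_KEY

creation_rules:
  # Files matching this regex are encrypted to every recipient listed below
  - path_regex: secrets/[^/]+\.yaml$
    key_groups:
      - age:
          - *admin_example
          - *host_example
```

Only recipients listed in the matching rule can decrypt a file, so each host should appear only in the rules for secrets it actually needs. After adding a host to an existing rule, run `sops updatekeys <file>` on each affected secrets file so it is re-encrypted for the new recipient.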

Host configuration:

No additional configuration is required. Each module's documentation entry will tell you if it uses sops and what secrets it expects.