mirror of https://github.com/RGBCube/agenix synced 2025-07-29 01:37:44 +00:00

doc: add new doc website

* use mmdoc
* add github pages action to auto publish
* do not edit README for now, will follow up with a commit that directs
  people to the doc site
Ryan Mulligan 2023-02-26 14:17:37 -08:00
parent 4828951d9d
commit 657789137c
22 changed files with 602 additions and 3 deletions


@ -0,0 +1,5 @@
# Problem and solution {#problem-and-solution}
All files in the Nix store are readable by any system user, so it is not a suitable place for including cleartext secrets. Many existing tools (like NixOps deployment.keys) deploy secrets separately from `nixos-rebuild`, making deployment, caching, and auditing more difficult. Out-of-band secret management is also less reproducible.
`agenix` solves these issues by using your pre-existing SSH key infrastructure and `age` to encrypt secrets into the Nix store. Secrets are decrypted using an SSH host private key during NixOS system activation.
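
Review bot: The second paragraph says secrets are decrypted with an SSH host private key during NixOS system activation, but it never says where the cleartext is written or who can read it, which is the exact concern the first paragraph raises about the world-readable Nix store. Suggest adding a sentence making explicit that only the `age`-encrypted files live in the store and that the decrypted output is placed outside it with restricted ownership and permissions. Minor style point in the first paragraph: `nixos-rebuild` is in code formatting while "NixOps deployment.keys" is not; writing it as NixOps `deployment.keys` would be consistent.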