agenix
age
agenix | age | |
---|---|---|
10 | 214 | |
1,241 | 15,341 | |
- | - | |
7.3 | 4.9 | |
6 days ago | 15 days ago | |
Nix | Go | |
Creative Commons Zero v1.0 Universal | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
agenix
-
password manager solution advice
How about: https://github.com/ryantm/agenix
-
how to store secrets needed at install time
I've heard good things about and seen sops-nix used on a few really solid configs. Others tend to use Age or Homeage.
-
Ask HN: A Better Docker Compose?
I don't have a write-up, just my code in git. But it's not public. I'm not using anything out of the ordinary - Nix containers, modules, and functions, and the Agenix module with uses a private key to decrypt secrets at start. The Nix language is inherently composable. Here are some links that explain:
Containers:
https://nixos.wiki/wiki/NixOS_Containers
Modules:
https://nixos.wiki/wiki/NixOS_modules
Functions:
https://www.reddit.com/r/NixOS/comments/zzstun/please_help_m...
Agenix:
https://github.com/ryantm/agenix
-
ridiculously easy mail server setup with NixOS
For passwords I am using agenix which is also pretty awesome, an alternative could have been sops.nix.
-
NixOS for Apt/Yum Users: a Gift That Keeps on Giving
Alternatively, you could simply add the wireless connection files to the Networkmanager dir in /etc using environment.etc. Though keep in mind that any file declared in your config is readable by any user in your system. agenix would be the solution to that.
-
What to do...
One think I saw that I don't recommend is to change your password after installing; that's not very reporoducible, use users.users..hashedPassword or users.users..passwordFile with agenix or sops-nix.
-
Understanding nixos secrets management/aws configuration
Answering your broader question (secret management) colmena does that for me outside the Nix store. I also use git-crypt to store secrets in the repo. There are also more Nix-y alternatives like agenix.
-
If you’re not using SSH certificates you’re doing SSH wrong
I feel that trying to make SSH keys short-lived is becoming more painful each year because there's an increase of tools that use SSH keys for purposes other than SSH logins. For example, age [1] encrypts files with SSH keys, agenix [2] does secrets management with it, Git can now sign commits with it [3], and even ssh-keygen can now sign arbitrary data [4]. All of these become useless the moment you start using short-lived keys.
[1]: https://github.com/FiloSottile/age
[2]: https://github.com/ryantm/agenix
[3]: https://calebhearth.com/sign-git-with-ssh
[4]: https://www.man7.org/linux/man-pages/man1/ssh-keygen.1.html
-
homeage: declarative runtime decrypted age secrets for home manager
I built this because I try to keep as much as possible outside of my system config but all of the secret managers I found were system only. I had no idea how to solve this until I found RaitoBezarius' awesome pull request to agenix where it all clicked. It also exposed me to the inner workings of home-manager which has definitely made me appreciate it more! I kept this separate from agenix because I am interested only in a module rather than a CLI and thus see it as having a different fit.
-
How do you manage your private keys?
I've been thinking about the same thing. I haven't gotten around to it yet but agenix looked the most promising to me so far
age
-
keepsecret.py: a simple way to encrypt secret files in your repository
age
- Age: A simple, modern and secure encryption tool
-
Joining ChatCraft.org
and echoing the result after converting to an age private key
-
What is the point of a public key fingerprint?
I like that https://github.com/FiloSottile/age has small public keys.
-
OpenPGP Forked into "LibrePGP" by GnuPG's Maintainer Werner Koch
> something fresh
It exists, it's called age..
Some random links
https://github.com/FiloSottile/age
https://www.reddit.com/r/crypto/comments/hr64hr/state_of_age...
https://github.com/FiloSottile/age/discussions/432
> (Acquiring keys, rotating keys, identifying compromised keys, and most importantly either reaches a large enough percentage of emails..
Oh nevermind, age doesn't do any of that. Indeed, it doesn't even do email https://github.com/FiloSottile/age/issues/93
-
An opinionated template for deploying a single k3s cluster with Ansible backed by Flux, SOPS, GitHub Actions, Renovate, Cilium, Cloudflare and more!
Encrypted secrets thanks to SOPS and Age
-
Prettier $20k Bounty was Claimed
I never heard of "Age" before this post. Thank you to share. If others are interested to learn more, here are two other interesting posts about Age:
https://github.com/FiloSottile/age/discussions/432
https://words.filippo.io/dispatches/age-authentication/
-
Cosmopolitan Third Edition
of all things I was able to resolve the issue via this github issue: https://github.com/FiloSottile/age/issues/370#issuecomment-1...
-
Would you trust a repository made like this to save your secrets?
Why keep something secret on a public repo? Is that not an oxymoron?
Also, I’m terms of encryption something like age[0] makes it much easier to not shoot yourself in the foot.
[0] https://github.com/FiloSottile/age
-
Looking For Encryption App
Why RSA specifically? For backups, I recommend Tarsnap. But if you really don't want to pay for encrypted cloud hosting, then check out age encryption.
What are some alternatives?
sops-nix - Atomic secret provisioning for NixOS based on sops
sops - Simple and flexible tool for managing secrets
nixos-config - My NixOS configurations.
Picocrypt - A very small, very simple, yet very secure encryption tool.
nixos-config - Mirror of https://code.balsoft.ru/balsoft/nixos-config
rage - A simple, secure and modern file encryption tool (and Rust library) with small explicit keys, no config options, and UNIX-style composability.
homeage - runtime decrypted age secrets for nix home manager
age-plugin-yubikey - YubiKey plugin for age
packages - Community maintained packages for OpenWrt. Documentation for submitting pull requests is in CONTRIBUTING.md
minisign - A dead simple tool to sign files and verify digital signatures.
pass-import - A pass extension for importing data from most existing password managers
OpenKeychain - OpenKeychain is an OpenPGP implementation for Android.