agenix
git-remote-gcrypt
agenix | git-remote-gcrypt | |
---|---|---|
10 | 8 | |
1,241 | 748 | |
- | - | |
7.3 | 0.0 | |
6 days ago | over 1 year ago | |
Nix | Shell | |
Creative Commons Zero v1.0 Universal | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
agenix
-
password manager solution advice
How about: https://github.com/ryantm/agenix
-
how to store secrets needed at install time
I've heard good things about and seen sops-nix used on a few really solid configs. Others tend to use Age or Homeage.
-
Ask HN: A Better Docker Compose?
I don't have a write-up, just my code in git. But it's not public. I'm not using anything out of the ordinary - Nix containers, modules, and functions, and the Agenix module with uses a private key to decrypt secrets at start. The Nix language is inherently composable. Here are some links that explain:
Containers:
https://nixos.wiki/wiki/NixOS_Containers
Modules:
https://nixos.wiki/wiki/NixOS_modules
Functions:
https://www.reddit.com/r/NixOS/comments/zzstun/please_help_m...
Agenix:
https://github.com/ryantm/agenix
-
ridiculously easy mail server setup with NixOS
For passwords I am using agenix which is also pretty awesome, an alternative could have been sops.nix.
-
NixOS for Apt/Yum Users: a Gift That Keeps on Giving
Alternatively, you could simply add the wireless connection files to the Networkmanager dir in /etc using environment.etc. Though keep in mind that any file declared in your config is readable by any user in your system. agenix would be the solution to that.
-
What to do...
One think I saw that I don't recommend is to change your password after installing; that's not very reporoducible, use users.users..hashedPassword or users.users..passwordFile with agenix or sops-nix.
-
Understanding nixos secrets management/aws configuration
Answering your broader question (secret management) colmena does that for me outside the Nix store. I also use git-crypt to store secrets in the repo. There are also more Nix-y alternatives like agenix.
-
If you’re not using SSH certificates you’re doing SSH wrong
I feel that trying to make SSH keys short-lived is becoming more painful each year because there's an increase of tools that use SSH keys for purposes other than SSH logins. For example, age [1] encrypts files with SSH keys, agenix [2] does secrets management with it, Git can now sign commits with it [3], and even ssh-keygen can now sign arbitrary data [4]. All of these become useless the moment you start using short-lived keys.
[1]: https://github.com/FiloSottile/age
[2]: https://github.com/ryantm/agenix
[3]: https://calebhearth.com/sign-git-with-ssh
[4]: https://www.man7.org/linux/man-pages/man1/ssh-keygen.1.html
-
homeage: declarative runtime decrypted age secrets for home manager
I built this because I try to keep as much as possible outside of my system config but all of the secret managers I found were system only. I had no idea how to solve this until I found RaitoBezarius' awesome pull request to agenix where it all clicked. It also exposed me to the inner workings of home-manager which has definitely made me appreciate it more! I kept this separate from agenix because I am interested only in a module rather than a CLI and thus see it as having a different fit.
-
How do you manage your private keys?
I've been thinking about the same thing. I haven't gotten around to it yet but agenix looked the most promising to me so far
git-remote-gcrypt
- End to end encrypted git
- Soft-serve: A tasty, self-hostable Git server for the command line
-
password manager solution advice
Are you aware of https://spwhitton.name/tech/code/git-remote-gcrypt/?
- Using GNU Stow to manage your dotfiles (2012)
-
Please explain like I'm 5 years old: what is a GPG key, a key server, and (especially) a keyring?
We use a modified https://github.com/spwhitton/git-remote-gcrypt on some of our git repos and employ the GPG Keychain app (from https://gpgtools.org) to help us manage the associated keys.
- Ask HN: Why should I trust password managers?
-
keybase git repositories
I used to rely heavily of Keybase reops, but since the takeover I'm no longer confident in their longevity. An alternative option is to encrypt files yourself and use a mainstream git provider. There are utils like gcrypt specifically for this use case. That way you can be confident in the encryption AND availability.
-
git-annex encrypted on rsync.net?
Yes, git-annex is perfect for this. It can do this with encryption via the rsync special remote. To store the git branches themselves, you can use git-remote-gcrypt. For backups, you can store the files on external hdds (additional to rsync.net) and keep them mostly offline/powered off. git-annex works really well with offline drives. Alternatively you can backup to another cloud provider that is supported as a special-remote.
What are some alternatives?
sops-nix - Atomic secret provisioning for NixOS based on sops
hashpass - A simple password manager with a twist.
nixos-config - My NixOS configurations.
passff-host - Host app for the WebExtension PassFF
nixos-config - Mirror of https://code.balsoft.ru/balsoft/nixos-config
client - Keybase Go Library, Client, Service, OS X, iOS, Android, Electron
homeage - runtime decrypted age secrets for nix home manager
passff - zx2c4 pass manager extension for Firefox, Chrome and Opera
packages - Community maintained packages for OpenWrt. Documentation for submitting pull requests is in CONTRIBUTING.md
homesick - Your home directory is your castle. Don't leave your dotfiles behind.
pass-import - A pass extension for importing data from most existing password managers
git-secret - :busts_in_silhouette: A bash-tool to store your private data inside a git repository.