agenix
slips
agenix | slips | |
---|---|---|
10 | 90 | |
1,241 | 1,450 | |
- | 1.2% | |
7.3 | 9.0 | |
6 days ago | 3 days ago | |
Nix | Markdown | |
Creative Commons Zero v1.0 Universal | Creative Commons Attribution Share Alike 4.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
agenix
-
password manager solution advice
How about: https://github.com/ryantm/agenix
-
how to store secrets needed at install time
I've heard good things about and seen sops-nix used on a few really solid configs. Others tend to use Age or Homeage.
-
Ask HN: A Better Docker Compose?
I don't have a write-up, just my code in git. But it's not public. I'm not using anything out of the ordinary - Nix containers, modules, and functions, and the Agenix module with uses a private key to decrypt secrets at start. The Nix language is inherently composable. Here are some links that explain:
Containers:
https://nixos.wiki/wiki/NixOS_Containers
Modules:
https://nixos.wiki/wiki/NixOS_modules
Functions:
https://www.reddit.com/r/NixOS/comments/zzstun/please_help_m...
Agenix:
https://github.com/ryantm/agenix
-
ridiculously easy mail server setup with NixOS
For passwords I am using agenix which is also pretty awesome, an alternative could have been sops.nix.
-
NixOS for Apt/Yum Users: a Gift That Keeps on Giving
Alternatively, you could simply add the wireless connection files to the Networkmanager dir in /etc using environment.etc. Though keep in mind that any file declared in your config is readable by any user in your system. agenix would be the solution to that.
-
What to do...
One think I saw that I don't recommend is to change your password after installing; that's not very reporoducible, use users.users..hashedPassword or users.users..passwordFile with agenix or sops-nix.
-
Understanding nixos secrets management/aws configuration
Answering your broader question (secret management) colmena does that for me outside the Nix store. I also use git-crypt to store secrets in the repo. There are also more Nix-y alternatives like agenix.
-
If you’re not using SSH certificates you’re doing SSH wrong
I feel that trying to make SSH keys short-lived is becoming more painful each year because there's an increase of tools that use SSH keys for purposes other than SSH logins. For example, age [1] encrypts files with SSH keys, agenix [2] does secrets management with it, Git can now sign commits with it [3], and even ssh-keygen can now sign arbitrary data [4]. All of these become useless the moment you start using short-lived keys.
[1]: https://github.com/FiloSottile/age
[2]: https://github.com/ryantm/agenix
[3]: https://calebhearth.com/sign-git-with-ssh
[4]: https://www.man7.org/linux/man-pages/man1/ssh-keygen.1.html
-
homeage: declarative runtime decrypted age secrets for home manager
I built this because I try to keep as much as possible outside of my system config but all of the secret managers I found were system only. I had no idea how to solve this until I found RaitoBezarius' awesome pull request to agenix where it all clicked. It also exposed me to the inner workings of home-manager which has definitely made me appreciate it more! I kept this separate from agenix because I am interested only in a module rather than a CLI and thus see it as having a different fit.
-
How do you manage your private keys?
I've been thinking about the same thing. I haven't gotten around to it yet but agenix looked the most promising to me so far
slips
-
As XRP Toolkit doesn't support Trezor, is there an alternative way to use SetRegularKey on my Trezor to be able to register for the Evernode Airdrop via Xumm?
The official SLIP-0039 standard itself confirms it is not possible to convert this mnemonic type to BIP-0039. Down in Section 9 "Compatibility with BIP-039":
-
Shamir Secret Sharing
For anybody new or returning to SSS, check out SLIP-0039: https://github.com/satoshilabs/slips/blob/master/slip-0039.m...
One of the big downsides of SSS is that it’s very raw and you have to do a lot of legwork to make it actually useable. It’s rightfully criticized for this and the argument follows the don’t roll your own crypto vein.
SLIP39 solves this by formalizing a protocol for handling SSS splits built atop standards for crypto key serialization (BIP-39). SlIP shards are unique on each generation so parties with the same underlying SSS shard can’t compare mnemonics, they’re mnemonically serialized, and have a checksum and group index metadata which makes a more sane UX possible when combining.
-
Trezor-T XMR Account Recovery (do not use, sample only)
Well every wallet chose to solve this problem independently. Trezor proposed a new standard called SLIP10 to do BIP44 type operations coins that did not use secp256k1. Problem is, there are very few utilities I've found that will do SLIP10 derivations.
-
Seed Conversion Woes
Checkout the SLIPs repo (https://github.com/satoshilabs/slips.git) and modify testvectors.py. We are going to replace the curvenames and last four show_testvectors lines with the following:
-
Reminder: Trezor Shamir Backup is fundamentally secure
They use an open source algorithm which is documented here. Anyone can verify it and the recovery outside of a Trezor hw-wallet is possible if required.
-
Article explaining how Ledger Recover works
It will be using SLIP-39, like Trezor and Electrum, or a Ledger rewrite of it. All the language about shards is straight from the SLIP39 spec.
- Is it possible to have both BTC and XMR keys stored on the same Trezor at the same time?
-
Simple sample script to dump Trezor Coinjoin taproot addresses
This was all done with the SLIP-14 seed using the passphrase coinjoin if you want to follow along.
-
Simple sample script to dump coinjoin taproot addresses
With the introduction of the new Coinjoin feature in the latest release of firmware and software, I had the need to dump some of my taproot derivations. Although blockbook can do this fine using descriptors in place of xpubs for taproot accounts, it fails on Coinjoin accounts. This is likely because SLIP-25 as 6 deep derivations while BIP-86 uses a standard derivation depth of 5.
-
coinjoin funds accessible to other wallets?
The recovery of Coinjoin accounts is described here. Accessing them outside of Trezor Suite will 100% destroy all privacy obtained since Suite is the only keeper of the anonymity set for each UTXO. Using your CJ coins outside of Suite may also erode the privacy of previous transactions using your Suite Private coins as well.
What are some alternatives?
sops-nix - Atomic secret provisioning for NixOS based on sops
bip39 - A web tool for converting BIP39 mnemonic codes
nixos-config - My NixOS configurations.
shamir39 - Split BIP39 mnemonics using Shamir's Secret Sharing Scheme
nixos-config - Mirror of https://code.balsoft.ru/balsoft/nixos-config
python-shamir-mnemonic
homeage - runtime decrypted age secrets for nix home manager
bips - Bitcoin Improvement Proposals
packages - Community maintained packages for OpenWrt. Documentation for submitting pull requests is in CONTRIBUTING.md
slip39 - A web tool for SLIP39 mnemonic shares
pass-import - A pass extension for importing data from most existing password managers
python-mnemonic - :snake: Mnemonic code for generating deterministic keys, BIP39