Hi Tomasz,
One option is to introduce these credentials as parameters to your network
evaluation:
{ secretCertificate }:
{
web = { ... } : ...
}
Then you will need to set this parameter when you do deployments in order
to evaluate the network expression and perform deployments. You could
easily script this and interactively prompt the user, or maybe use GPG to
decrypt an encrypted file for the values at deployment time.
Hopefully that gives you some ideas,
Ollie
On Thu, May 12, 2016 at 12:57 AM Tomasz Czyż <tomasz.c...@gmail.com> wrote:
> Hi all NixOps users and devs.
>
> I wanted to deploy some secrets/certificates to machines and I'm not sure
> how to do that. I would like to avoid storing those in nix store. Is there
> any way to deploy secrets to machines and not use nix store?
>
> I know there is solution to deploy disk encryption keys which is stored in
> state file, but what about other secrets? Is there any general way to
> handle that?
>
> I thought that I could do that using "nixops ssh" feature, but I would
> like to describe those credentials in network.nix file, is that possible?
> _______________________________________________
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
_______________________________________________
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
