Hi Tomasz, One option is to introduce these credentials as parameters to your network evaluation:
{ secretCertificate }: { web = { ... } : ... } Then you will need to set this parameter when you do deployments in order to evaluate the network expression and perform deployments. You could easily script this and interactively prompt the user, or maybe use GPG to decrypt an encrypted file for the values at deployment time. Hopefully that gives you some ideas, Ollie On Thu, May 12, 2016 at 12:57 AM Tomasz Czyż <tomasz.c...@gmail.com> wrote: > Hi all NixOps users and devs. > > I wanted to deploy some secrets/certificates to machines and I'm not sure > how to do that. I would like to avoid storing those in nix store. Is there > any way to deploy secrets to machines and not use nix store? > > I know there is solution to deploy disk encryption keys which is stored in > state file, but what about other secrets? Is there any general way to > handle that? > > I thought that I could do that using "nixops ssh" feature, but I would > like to describe those credentials in network.nix file, is that possible? > _______________________________________________ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev >
_______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev