> On Sep 13, 2016, at 00:18, Tomasz Czyż <tomasz.c...@gmail.com> wrote: > all files written by nix (or maybe almost all) end up in /nix/store and are > world-readable, not the best way to keep secrets. Oops, that doesn’t sound like a great idea.
> You have to deploy secrets manually or you could use NixOps (and > deployment.keys) to deploy server with NixOS and deploy keys/secrets. Thanks for the suggestion. Sorry, I’m new to NixOps. Can I use it to deploy onto an already existing NixOS instance? I’m using a dedicated server and don’t want to run anything “on the cloud” or inside a virtual machine. (I’m planning to run NixOS as a container host.) Cheers, Wilhelm Schuster. _______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
