kubenix/docs/content/examples/secrets/_index.md

A good runtime secret option (thus avoiding exposing them in the nix store) is loading values with [vals](https://github.com/variantdev/vals).
A minimal example, using the file provider, might look like

{{< source "default.nix" >}}

{{< hint info >}}
**NOTE**: The creation of `/path/to/secret` is out of scope but we recommend checking out one of the [secret managing schemes](https://nixos.wiki/wiki/Comparison_of_secret_managing_schemes).
{{< /hint >}}

Then it's up to you when and where to apply from with something along the lines of:

```nix
pkgs.writeShellScript "apply" ''
  cat /path/to/manifests | ${pkgs.vals}/bin/vals eval | ${pkgs.kubectl}/bin/kubectl -f -
''
```
docs: add vals example for secrets 2023-06-11 23:02:06 -04:00			`A good runtime secret option (thus avoiding exposing them in the nix store) is loading values with [vals](https://github.com/variantdev/vals).`
			`A minimal example, using the file provider, might look like`
add examples to docs site 2022-08-29 02:04:47 -04:00
add support for vals (#11) 2022-09-15 21:49:08 -04:00			`{{< source "default.nix" >}}`
add examples to docs site 2022-08-29 02:04:47 -04:00
docs: add vals example for secrets 2023-06-11 23:02:06 -04:00			`{{< hint info >}}`
			NOTE: The creation of `/path/to/secret` is out of scope but we recommend checking out one of the [secret managing schemes](https://nixos.wiki/wiki/Comparison_of_secret_managing_schemes).
			`{{< /hint >}}`

			`Then it's up to you when and where to apply from with something along the lines of:`

			```nix
			`pkgs.writeShellScript "apply" ''`
			`cat /path/to/manifests \| ${pkgs.vals}/bin/vals eval \| ${pkgs.kubectl}/bin/kubectl -f -`
			`''`
			```