technofab/kubenix
1
0
Fork 0
mirror of https://github.com/TECHNOFAB11/kubenix.git synced 2025-12-12 16:10:05 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

docs: add vals example for secrets

Browse source
This commit is contained in:
Bryton Hall 2023-06-11 23:02:06 -04:00
parent 6c27c1d52b
commit c577e3e887
1 changed files with 13 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

15
docs/content/examples/secrets/_index.md
View file

@ -1,5 +1,16 @@
We support runtime secret (or config) value loading with [vals](https://github.com/variantdev/vals). A minimal example, using the file provider, might look like
A good runtime secret option (thus avoiding exposing them in the nix store) is loading values with [vals](https://github.com/variantdev/vals).
A minimal example, using the file provider, might look like
{{< source "default.nix" >}}
The creation of `/path/to/secret` is out of scope but we recommend checking out one of [the many nix secrets management tools](https://nixos.wiki/wiki/Comparison_of_secret_managing_schemes).
{{< hint info >}}
**NOTE**: The creation of `/path/to/secret` is out of scope but we recommend checking out one of the [secret managing schemes](https://nixos.wiki/wiki/Comparison_of_secret_managing_schemes).
{{< /hint >}}
Then it's up to you when and where to apply from with something along the lines of:
```nix
pkgs.writeShellScript "apply" ''
cat /path/to/manifests | ${pkgs.vals}/bin/vals eval | ${pkgs.kubectl}/bin/kubectl -f -
''
```