mirror of
https://github.com/TECHNOFAB11/kubenix.git
synced 2025-12-12 08:00:06 +01:00
679 B
679 B
A good runtime secret option (thus avoiding exposing them in the nix store) is loading values with vals. A minimal example, using the file provider, might look like
{{< source "default.nix" >}}
{{< hint info >}}
NOTE: The creation of /path/to/secret is out of scope but we recommend checking out one of the secret managing schemes.
{{< /hint >}}
Then it's up to you when and where to apply from with something along the lines of:
pkgs.writeShellScript "apply" ''
cat /path/to/manifests | ${pkgs.vals}/bin/vals eval | ${pkgs.kubectl}/bin/kubectl -f -
''