mirror of
https://github.com/TECHNOFAB11/kubenix.git
synced 2025-12-12 16:10:05 +01:00
11 lines
452 B
Markdown
11 lines
452 B
Markdown
Secrets management requires some extra care as we want to prevent values from
|
|
ending up in the, world-readable, nix store.
|
|
|
|
{{< hint "warning" >}}
|
|
**WARNING**
|
|
|
|
The kubenix secrets story is incomplete. Do not trust it -- it has not been tested.
|
|
{{< /hint >}}
|
|
|
|
The easiest approach is to avoid writing to the store altogether with `nix eval` instead of `nix build`.
|
|
This isn't a long-term device and we'll explore integrations with other tools soon(TM).
|