mirror of
https://gitlab.com/TECHNOFAB/nixlets.git
synced 2026-02-02 11:15:08 +01:00
docs: write initial documentation
parent
94aa02b9e3
commit
b75456810f
6 changed files with 274 additions and 4 deletions
27
docs/secrets.md
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
# Secrets
|
||||
|
||||
When using Nixlets together with tools like [FluxCD](https://fluxcd.io) and
|
||||
[SOPS](https://github.com/getsops/sops) it makes sense to apply the secrets on
|
||||
their own (eg. with their own FluxCD's `Kustomization`).
|
||||
|
||||
To make secret management easier, Nixlets allow you to specify encrypted secret
|
||||
files in your configuration like this:
|
||||
|
||||
```nix title="some_resource.nix"
|
||||
# ...
|
||||
kubernetes.secrets."name" = ./secret.sops.yaml;
|
||||
kubernetes.resources.configMaps. # ...
|
||||
# ...
|
||||
```
|
||||
|
||||
In CI for example you can then retrieve all of these files at once and put them
|
||||
in an OCI image for FluxCD to deploy:
|
||||
|
||||
```nix title="flake.nix"
|
||||
packages.secrets = (<some nixlet>).secretsCombined; # (derivation)
|
||||
```
|
||||
|
||||
```sh
|
||||
nix build .#secrets
|
||||
# result/ contains all yaml secret files
|
||||
```
|
||||
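Review bot: The example `kubernetes.secrets."name" = ./secret.sops.yaml;` needs a sentence stating that the referenced file must already be SOPS-encrypted before it is referenced here. A Nix path literal is copied into the world-readable Nix store, `secretsCombined` is a derivation, and `result/` then contains every file exactly as given, so a plaintext YAML referenced by mistake would end up readable in the store and in the OCI image. Suggest saying explicitly whether Nixlets checks or encrypts anything itself, and completing the CI part after `nix build .#secrets`: how `result/` is published as an OCI artifact, and that the FluxCD `Kustomization` applying it needs SOPS decryption configured. Minor wording: "eg." should be "e.g.", and "their own FluxCD's `Kustomization`" reads better as "their own FluxCD `Kustomization`".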