mirror of
https://gitlab.com/TECHNOFAB/nixlets.git
synced 2025-12-12 01:50:05 +01:00
776 B
776 B
Secrets
When using Nixlets together with tools like FluxCD and
SOPS it makes sense to apply the secrets on
their own (eg. with their own FluxCD's Kustomization).
To make secret management easier, Nixlets allow you to specify encrypted secret files in your configuration like this:
# ...
kubernetes.secrets."name" = ./secret.sops.yaml;
kubernetes.resources.configMaps. # ...
# ...
In CI for example you can then retrieve all of these files at once and put them in an OCI image for FluxCD to deploy:
packages.secrets = (<some nixlet>).secretsCombined; # (derivation)
nix build .#secrets
# result/ contains all yaml secret files