Mic92 / sops-nix

Atomic secret provisioning for NixOS based on sops
MIT License
1.67k stars, 156 forks

How to take secrets from multiple files? #622

Open poperigby opened 2 months ago

poperigby commented 2 months ago

I currently have one big YAML file for my secrets, but it's getting a bit messy. Is there a way for me to use multiple secret files that are accessible to every host? I wanted to have a secret file for each host, and then one common.yaml file that has common secrets.

sedlund commented 2 months ago

Yes. Look here: https://github.com/Mic92/sops-nix?tab=readme-ov-file#different-file-formats

The `sops.defaultSopsFile` would be your `common.yaml`; then reference the other secret files with `sopsFile`, as shown in the example.

Which secret files each machine can decrypt is configured in the `.sops.yaml`.
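The arrangement described in this answer, as an added NixOS module (not the README's example and not written by either participant): `common.yaml` is the default file, and a per-host file is selected only for the secrets that need it. The file layout, the secret names, and the `postgres` owner are assumptions made for the example.

```nix
# Added example; assumed layout relative to this module:
#   secrets/common.yaml        - shared secrets, every host is a recipient
#   secrets/hosts/server.yaml  - only the "server" host (and the admin key) can decrypt it
{ config, ... }:
{
  # Derive the host's age identity from its SSH host key, so no extra key file
  # has to be provisioned out of band.
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  # Any secret that does not set sopsFile is read from here.
  sops.defaultSopsFile = ./secrets/common.yaml;

  # Key "wifi_password" in common.yaml (uses defaultSopsFile).
  sops.secrets.wifi_password = { };

  # Key "db_password" in the host-specific file: sopsFile overrides the default
  # for this one secret only. owner/mode restrict who can read the decrypted file.
  sops.secrets.db_password = {
    sopsFile = ./secrets/hosts/server.yaml;
    owner = "postgres";
    mode = "0400";
  };
}
```

The recipients for each file are set in `.sops.yaml` `creation_rules` (a `path_regex` per host file listing that host's age key plus the admin key; `common.yaml` lists every host). If a host references a `sopsFile` it is not a recipient of, decryption fails at activation, which is the desired outcome: a host never gets material that was not explicitly shared with it.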

poperigby commented 2 months ago

I see. So there's no way to do it without having to specify the sopsFile for everything besides common.yaml? That would get pretty cumbersome sadly.

sedlund commented 2 months ago

I have a common one and one per host if needed. My home-manager with sops is separate.

poperigby commented 2 months ago

Do you manually specify the correct sopsFile every time you use it though? I have a server and the majority of secrets are for that host.

sedlund commented 2 months ago

If you have a lot, this may give you inspiration:

https://github.com/clan-lol/clan-core/blob/a95853276605332edd7bf109d9dce87a3c66a02e/nixosModules/clanCore/facts/secret/sops.nix#L44-L46
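One way to avoid repeating `sopsFile` on every host secret, as an added example of my own (it is neither the linked clan-core code nor a sops-nix feature): pick the host file from `networking.hostName` and stamp `sopsFile` onto a listed set of names, while `common.yaml` stays the default. The directory layout and the secret names are assumptions.

```nix
# Added example; assumes secrets/common.yaml plus secrets/hosts/<hostName>.yaml,
# each host file holding one top-level key per secret.
{ config, lib, ... }:
let
  hostFile = ./secrets/hosts + "/${config.networking.hostName}.yaml";

  # Names of the secrets this host takes from its own file. They are listed
  # explicitly rather than read out of the (encrypted) YAML, so the set of
  # secrets a host receives stays visible in code review.
  hostSecretNames = [ "db_password" "backup_token" ];
in
{
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  sops.defaultSopsFile = ./secrets/common.yaml;

  sops.secrets = lib.mkMerge [
    # Every listed name gets sopsFile = hostFile, nothing else.
    (lib.genAttrs hostSecretNames (_: { sopsFile = hostFile; }))

    # Per-secret details are merged on top by the module system; sopsFile
    # does not have to be repeated here.
    {
      wifi_password = { };                              # from common.yaml
      db_password = { owner = "postgres"; mode = "0400"; };
    }
  ];
}
```

Because `sops.secrets` is an attribute set of submodules, `lib.mkMerge` combines the two definitions of `db_password` (the `sopsFile` from the generated set, the `owner`/`mode` from the literal one). Keeping `hostSecretNames` explicit also means sops-nix's build-time validation of the sops files (on by default via `sops.validateSopsFiles`) fails the build if a listed key is absent from the host file, instead of the host silently missing a secret.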

poperigby commented 2 months ago

Thank you. I think it would be a nice feature to be able to specify multiple default sops files.

sedlund commented 2 months ago

Also see https://github.com/Mic92/sops-nix/issues/378#issuecomment-2068820729

poperigby commented 2 months ago

Thank you. Should I close this issue and open a new one for being able to specify multiple default sops files?

bjornfor commented 2 months ago

Sounds related to https://github.com/Mic92/sops-nix/pull/417.

poperigby commented 2 months ago

Yeah. Seems that PR is dead though 🙁.