I currently use git-crypt to encrypt a JSON file containing my secrets. I do secrets = builtins.fromJSON (builtins.readFile "${self}/secrets/secrets.json"); and then pass the secrets reference into my nix files. But I would prefer to use something a little more purpose-built.
Hi there, I am just curious if:
1) this is possible, or; 2) Do you plan to add a similar feature
I am on a single-user system, and my use case is to keep secrets out of Git.
Can you render a secret directly into a Nix file? For example:
I currently use
git-crypt
to encrypt a JSON file containing my secrets. I dosecrets = builtins.fromJSON (builtins.readFile "${self}/secrets/secrets.json");
and then pass thesecrets
reference into my nix files. But I would prefer to use something a little more purpose-built.Thank you.