Platonic-Systems / secrix


secrets rendered in a nix file #22

Open bashfulrobot opened 5 months ago

bashfulrobot commented 5 months ago

Hi there, I am just curious if:

1) this is possible, or;
2) Do you plan to add a similar feature

I am on a single-user system, and my use case is to keep secrets out of Git.

Can you render a secret directly into a Nix file? For example:

```nix
programs = {
  git = {
    enable = true;
    userEmail = "${secrets.git.email}";

    # SNIPPED
  };
};
```

I currently use git-crypt to encrypt a JSON file containing my secrets. I do `secrets = builtins.fromJSON (builtins.readFile "${self}/secrets/secrets.json");` and then pass the `secrets` reference into my Nix files. But I would prefer to use something a little more purpose-built.

Thank you.