bike-barn / hermit

A home directory configuration management assistant
http://bike-barn.github.io/hermit/

Secrets Implementation Strategy #173

Open RadicalZephyr opened 4 years ago

RadicalZephyr commented 4 years ago

Secrets should be treated as an encrypted "database" of the secrets, and then any files which contain secrets and non-secret info should be represented as templates that reference the correct key from the secrets table.

I think the secrets file should just be a TOML file because the table and key structure maps very nicely to being rendered by a template, and would allow creating sections for each file. Could even be that the name of the file being templated is the name of the table, and then all keys in that table are automatically in context instead of having to specify the table everywhere.

Although, it might be nice to be able to use the same secret in multiple places for some reason. Though I can't think of a good use case right now. Perhaps for API keys that are useful to have in both a *.json tool-specific config file and also to have them in environment variables.