Notes on best practice handling encrypted secrets and public keys

[onny]

Hey, what is the best practice on handling these secrets? Is it safe to put age files and the public keys into my public git repository?

Best regards Jonas

[cole-h]

As with most questions like this, it really depends on your threat model.

That said, I publish my config, including public key information and the encrypted age files, for all to see: https://github.com/cole-h/nixos-config

[onny]

Good to know, thank you for this assesment!