Hi there, I was reading the wiki entry on agenix. Had a few quick questions for clarification.
- While there is a “workaround” to replace strings/secrets, does anyone know if there are plans to support this officially in Agenix? Or is there a better way to deal with this?
- what confuses me about the current replace method, how would this work if you are using home-manager, and your config files are symlinks?
- when creating the
/etc/nixos/secrets/secrets.nixfile and adding your pub keys, how does the system know about which private keys in
~/.ssh? Even though the instructions show, you create the secret with
agenix -e secret1.age, I assume you need to pass in the desired private key with the
- The instructions discuss using
ssh-keyscanto get your pub key. I assume I can just
catmy pub key in my
~/.sshfolder and paste that in as well?
Maybe I am confused about the structures and behaviour here and am missing something.