Announcing SecretSpec: Declarative Secrets Management


I’ve skimmed this and it looks genuinely impressive; multiple providers and a Rust SDK are a very good place to start.

Are there plans to add support for Nix(OS) for SecretSpec? E.g. a module that functions similarly to something like sops-nix would make this very useful for deploying infrastructure; being able to easily provision testing/staging/production secrets just by changing what profile to use could be a powerful abstraction for these kinds of systems.

Thanks! I think the first step is to support sops as a provider and then we can look into possible replacements 🙂

Cool! For a tool with a different philosophy, aka fetching from several providers without the ability to specify one, check out GitHub - PierreBeucher/novops: Cross-platform secret & config manager for development and CI environments.

Definitely very interesting, and some decent tooling in this space is long overdue. I’m under-caffeinated at the moment, but my instinct is some integration with systemd secrets management might be useful, and might help with “native” deployment of services on NixOS.


Happy to see someone explore that!

I’m going to focus first on multiple providers and generating secrets, while supporting community contributions for any provider.

If I could request two providers, it would be gopass and vault / openbao. I also second the system-secrets integration.

Could you open issues on GitHub - cachix/secretspec: Declarative secrets, every environment, any provider. (or upvote if they already exist)? That way it’s easier to know what’s next, thank you 🙂


Done:

I invite anybody reading this to add info or make a PR 😉