I am seeking to revise my secrets management approach.
My aspirations are:
Spend less time inputting ssh-key passwords
Spend less time inputting my lastpass password
Automate systemd secrets access
Generally make passwords/ssh easier
Automate secrets access to new nixos/nix installations
Maximize safety in the short and long term
Presently I use lastpass, though I’m seeing that some online do not find it trustworthy.
I wonder if I should migrate to an entirely different password manager.
I’m also seeing that sops-nix and agenix do not make a priority of utilizing password managers.
My learning curve to secrets management is pretty steep at the moment, so I don’t really know which trees I should be barking up, even though I’ve been researching this for a few days.
I know that this is a complicated problem to solve, and that there are many ways to solve it… but what recommendations might you offer me? I’d be extremely grateful for some direction!
I use sops-nix for my servers but not my workstation. There are some cases where I have GPG encrypted secrets in my nix store; they are decrypted when needed at runtime (for example, my wireguard private key).
I don’t know lastpass well, but I’m using a self-hosted bitwarden (with 2FA) for a lot of stuff; you can configure how long it stays unlocked.
Thanks for the help y’all! I’ve done some more digging and have decided to opt for sops-nix, and to migrate to another password manager. I’m excited for the undertaking.