I have had sops configured for a while now and everything works fine so far. But I now need to have a secret file with a specific format (see the hyprpanel config).
For this use case I don't think I can use my regular setup where all secrets are in one single yaml file. So I created that file in my sops repo and encrypted it. But I have no idea how to tell sops to import/copy it where I need it.
I've tried the following for now, but I'm trying stuff blind as I haven't found anything similar anywhere:
`config.nindouja` is my own config attrset.
`ninja-secrets` is my secrets flake.
```nix
{ config, inputs, ... }: let
  username = config.nindouja.user.username;
  # homeDirectory was not defined in the posted snippet; taken here from the
  # NixOS user definition (an assumption about the poster's setup)
  homeDirectory = config.users.users.${username}.home;
  secretsDirectory = builtins.toString inputs.ninja-secrets;
  weather_key_file = "/var/lib/weatherapi/key.json";
in {
  sops = {
    defaultSopsFile = "${secretsDirectory}/secrets.yaml";
    age = {
      # automatically import this user and the dev ssh keys as age keys
      sshKeyPaths = ["${homeDirectory}/.ssh/id_ed25519"];
      # this will use an age key that is expected to already be in the filesystem
      keyFile = "${homeDirectory}/.config/sops/age/key.txt";
      # generate a new key if the key specified above does not exist
      generateKey = true;
    };
    # Try #1
    secrets."weather.json" = {
      sopsFile = "${secretsDirectory}/secrets.json";
      mode = "0400";
      owner = username;
      path = weather_key_file;
    };
    # Try #2
    secrets."${secretsDirectory}/secrets.json" = {
      sopsFile = "${secretsDirectory}/secrets.json";
      mode = "0400";
      owner = username;
      path = weather_key_file;
    };
  };
}
```
Try #1 fails with:
```
weather.json' is not allowed to refer to a store path
```
but the `defaultSopsFile` attribute referring to `secrets.yaml` works fine…
Try #2 fails with:
```
The option `sops.secrets."weather.json".owner' does not exist.
```
=============
Could anyone help with that, or maybe point me to someone's config that achieves this?
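As an added example (not the poster's config and not taken from the sops-nix documentation), this is how a whole-file secret can be declared next to the existing yaml-based setup. It assumes the sops-nix secret options `format` and `key`, the hypothetical secret name `weather-key`, and that the flake input is passed as a path expression instead of being converted with `builtins.toString`; the post does not confirm that conversion is what made Try #1 fail.

```nix
# Added example, not the poster's configuration.
# Assumptions (not confirmed by the post): the sops-nix secret options
# `format` and `key` exist as used here, and the flake input can be used as a
# path expression directly rather than through builtins.toString.
{ config, inputs, ... }:
let
  username = config.nindouja.user.username;
in
{
  sops = {
    # The usual case: individual values looked up inside one yaml file.
    defaultSopsFile = inputs.ninja-secrets + "/secrets.yaml";

    # The hyprpanel weather key must keep its own file format, so it gets its
    # own secret entry instead of a key inside the default yaml file.
    secrets.weather-key = {
      # Whole-file secret: the file was encrypted as an opaque blob
      # (sops --input-type binary) and is written out byte for byte.
      sopsFile = inputs.ninja-secrets + "/weather.json";
      format = "binary";
      # If the file was encrypted as JSON instead (sops keeps the structure
      # and encrypts the values), select the whole document with:
      #   format = "json";
      #   key = "";

      # Where the decrypted file should end up, plus its owner and
      # permissions, so only that user can read the key.
      path = "/var/lib/weatherapi/key.json";
      owner = username;
      mode = "0400";
    };
  };
}
```

The `format` value has to match how the file was encrypted; a file encrypted with sops' default JSON handling will not decrypt correctly when declared as `binary`, and vice versa.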