Managing Secrets privately with sops-nix

I wrote an article about how I manage secrets with sops-nix using a separate git+file: flake input for the secrets themselves: Managing Secrets privately with sops-nix. Doing some research for the article, I encountered another article by @isabelroses released recently, which evaluates sops-nix from scratch; a much better “getting started” intro. It doesn’t appear like it got posted here, so I thought I’d post both.

5 Likes

@isabelroses here’s a :bell: so that you’d have the chance to participate in any emerging conversation.

2 Likes

My motivation for splitting out the secrets is that it makes sharing your configuration more realistic.

For the longest time I’ve wanted to publish my system flakes, but since some of them had secrets, they never got published. Being a backup pleb, I don’t manage to back up things well unless they’re on my public GitHub. So I’ve probably lost 1-3 laptop configurations over the last 3 years exactly when and because they reached some maturity.

I hope my backup story will be better in 2026 since I’ve vowed to make a family photo album backup outside of iCloud. In the meantime, my Nix configurations are one thing less to worry about.