Newbie Question: What is secrets?

Okay, this can be odd but I really searched it up but I really didn’t understand the concept…

I am new to NixOS (Setted up most of the config for my base needs via flake from nyabinary and some other user’s configurations, but I don’t use a secret sops-nix setup.) but know basic Linux, git, ssh… I was migrating NixOS from arch and I was already using git ssh setup. After I switched to nixos I was initially started to use my git ssh without any issues.

As far as I know, ssh, git, wireless password is known as a secret but I still don’t understand why I need to use a secret handling tool on Nix if I don’t use ssh, git passwords, secrets inside my NixOS configuration files?

If all the wireless password, git, ssh other seahorse, gpg keys are really written in the Nix store world-readable, as far as I know they would be able to get my secrets, maybe accounts? According to my knowledge that’s an answer is yes and I am already trying to learn how to manage secrets because I care about my security.

Anyway, my first concern for now is my git bare repo. If I am not wrong, I don’t need to worry about any secret if I didn’t set up ssh, git etc. on NixOS files but I don’t know if something is a secret on Nix configuration e.g maybe some hashes on flake or some files? I don’t think there are secrets if I didn’t add, and I feel stupid to ask this, but I need to be sure that I am not wrong.

1 Like

You don’t need one if you’re not using secrets in your config.