Thanks for Agenix!

I just set it up - thank you Ryan for this simple project. Elegant idea, which secures and simplifies my workflow.

As an aside, I’d love a feature like this to be part of standard NixOS. I.e. an easy and elegant way to be secure out of the box.

Thanks also for NixOS guys - I am in love with this project (haven’t felt this way about Linux since discovering Debian & apt 20+ years ago - beautiful package systems are a wonderful thing).


For the casual reader:

It allows you to manage secrets in NixOS deployments, without them being exposed to the world-readable store, or readable within git.

If you put secrets (passwords, keys and the like) in your nix projects in any other way, now is probably a good time to stop doing that and changing them all.

There’s a similar project in, which does support gpg as well as age.

I prefer the latter slightly currently because it integrates nicely with my yubikey+gpg based workflow everywhere else, but if you’re ready to abandon gpg in favor of age, agenix is an alternative with a much simpler design, which definitely has its merits :slight_smile: