Skip to content

🔧 Support _files for secrets (e.g. OMDB API Key) #4

Description

@miguelpduarte

Is this feature missing in the latest version?

  • I'm using the latest release

Is your feature request related to a problem? Please describe.

With sops-nix (and other tools) it is common to specify paths instead of specific secret values, so it's easier to define in Nix code (instead of passing the hardcoded secrets to e.g. the arm.yaml file which could have overly "open" permissions and also be stored in the world-readable nix store).

Describe the solution you'd like?

Allow specifying secrets using path to files instead of only as directly hardcoded values. There is a module in nixpkgs that is commonly used for this, as a "intermediate step" when writing the config files, but I cannot recall its name right now (something with jq in the name I think).

Describe alternatives you've considered?

Using env variables as in the maintainer's dotfiles may also be an option: https://github.com/xieve/dotfiles/blob/799e579c27e7e76050dfa4d7f418bde819933fa9/nixos/thegreatbelow/automatic-ripping-machine.nix#L74

Anything else?

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions