Is this feature missing in the latest version?
Is your feature request related to a problem? Please describe.
With sops-nix (and other tools) it is common to specify paths instead of specific secret values, so it's easier to define in Nix code (instead of passing the hardcoded secrets to e.g. the arm.yaml file which could have overly "open" permissions and also be stored in the world-readable nix store).
Describe the solution you'd like?
Allow specifying secrets using path to files instead of only as directly hardcoded values. There is a module in nixpkgs that is commonly used for this, as a "intermediate step" when writing the config files, but I cannot recall its name right now (something with jq in the name I think).
Describe alternatives you've considered?
Using env variables as in the maintainer's dotfiles may also be an option: https://github.com/xieve/dotfiles/blob/799e579c27e7e76050dfa4d7f418bde819933fa9/nixos/thegreatbelow/automatic-ripping-machine.nix#L74
Anything else?
No response
Code of Conduct
Is this feature missing in the latest version?
Is your feature request related to a problem? Please describe.
With
sops-nix(and other tools) it is common to specify paths instead of specific secret values, so it's easier to define in Nix code (instead of passing the hardcoded secrets to e.g. thearm.yamlfile which could have overly "open" permissions and also be stored in the world-readable nix store).Describe the solution you'd like?
Allow specifying secrets using path to files instead of only as directly hardcoded values. There is a module in
nixpkgsthat is commonly used for this, as a "intermediate step" when writing the config files, but I cannot recall its name right now (something withjqin the name I think).Describe alternatives you've considered?
Using env variables as in the maintainer's dotfiles may also be an option: https://github.com/xieve/dotfiles/blob/799e579c27e7e76050dfa4d7f418bde819933fa9/nixos/thegreatbelow/automatic-ripping-machine.nix#L74
Anything else?
No response
Code of Conduct