Great video as always! To me, the difficulty with nix has always been that there are too many ways of doing the same thing, so when I try to do something, I can look at the documentation, the source code, other peoples configs, etc. everyone do the same things in different ways. This means that having your bite-size videos are extremely useful, as you make them very modular, so even though my config is already a sprawling mess of nix files, imports etc., I can always just add your stuff without any problems!

Just today I was beginning to setup sops-nix, this timing couldnt be any better! Thank you!!

YOUR VIDEOS ARE GOLD

This video is still my go-to way to have a refresher on sops-nix! way clearer than the documentation on that project lol

I was just looking at this yesterday. Thx for the vid.

The production quality sure is improving really fast!

Love it. I just followed these instructions to store my VPN credentials and deploy them into an OpenVPN configuration.

Awesome video! I was wondering if you could also make one about yubikeys and/or TPMs. Both provide a nice layer of security in addition to sops-nix. And if the generated keys are in sops, it doesn't matter if the private key is cracked, since you still need the Key/TPM to fully utilize it. Kinda like a passphrase in hardware!

This is gold! Thank you! 🙌

За червоно-чорну великодку окремий лайк :) Взагалі дуже дякую за контент, Ваш канал був основною причиною перейти на NixOS, і я ні граму не пожалів! Бажаю каналу розвитку і процвітання, нехай все буде тільки добре! Як буду мати фінансову можливість закину пару гривників на якусь каву або щось поміцніше :)

I need a bit more explanations than this like a more traditional tutorial, but this is the only video about secrets management on nix 😅

I was just looking into this! Thanks

Thank you - great video!! I have a question regarding t=96s where you add sops.age.keyFile to configuration.nix... If I am creating a configuration.nix to be shared and ultimately deployed on a different server/machine, the reference to the keyfile will be public (which should be fine). However, I do not believe it is discussed how the target server/machine is to get the keyfile (private age key} so that it can decript the details. Do you mind sharing or pointing me in the right direction of how you would do this?

YOU! SAVE MY DAY!!!

what if I want to just use my password to decrypt secrets?

At 2:02 you run sops command. Which at that point is not yet available. Should that be just added to systemPackages or just work just with rest of the configuration being done first? Also at 2:44 you are using "inputs" already inside "inputs"? For me this just generates building error: `"sops-nix" is a thunk while a ....` but ommiting it works though.

Is there a way to have a secret with multiple lines? In my case, I'm trying to make an environment file with multiple environment variables. If I do a YAML multi-line string, Sops seems to replace the newlines with spaces when it decodes the secret.

Your channel covers amazing topics and has good production quality. But still from all the videos I have seen over the years yours are some of the most difficult to follow, learn from, or reproduce. I am not sure if it's your presentation style or if I just don't know enough about the Nix language yet.

Just FYI: age is pronounced "ah-gay", because the name comes from Latin. "Age" in Latin is a command spoken to another person to "act"/"go". Here's a good example: kzbin.info/www/bejne/fYqqiYyPhNVnl9U

is there any way to use sops-nix for let's say git email for example? I've been searching for days and I found no other way around except running nixos with a --impure flag

The only thing I haven't been able to do with sops is to define hosts file. networking.hosts (not sure about the name, writing from a phone) requires a list and there's no any other way like "hostsFile" or something like we have for ssh-config, for example. Simply setting a path for sops secret to /etc/hosts doesn't work for me. Any ideas on how to implement this?

I don't know what I am doing wrong but I can't get past creating the secrets file at the 2 minutes point. when I run sops secrets.yaml and try to save the file I get the error "No master keys were provided, so sops can't encrypt the file. Press a key to return to the editor, or Ctrl+C to exit."

Are you going to cover other methods of secret management with Nix?

How scaleable are secrets? For example, if i have 10 programs which require user and password details, can i use secrets on all of them to save me having to authenticate each one? or do you need to rely on each program creating an api for the secret?

Awesome!!!

If you are using a new microphone, it sounds great!

Why not agenix?

Make one complete setup of hyprland with necessary packages on nixos

❤

great conrent

At the beginning, its say that the private key cant have passphrase. That isn't correct. You can add with 'export SSH_TO_AGE_PASSPHRASE=******' before your command. Like the following nix-shell -p ssh-to-age --run "export SSH_TO_AGE_PASSPHRASE='*****' && ssh-to-age -private-key -i ~/.ssh/private"

@2:02 sops: command not found. again a broken tutorial