Secret Manage Scheme for NixOS
This project is highly inspired by agenix-rekey and sops-nix.
- Based on age rust implementation
- Parallel encryption at host granularity
- Support secure identity with passphrase
- Support template for reusing insensitive stanza
- Support secret as template #12
- Support Yubikey PIV with age-yubikey-plugin
- Small closure size increase1
- Fits well with new
nixos userborn machenism2 - Design with flake-parts and modulized flake
- Written in Rust for speed, safety, and simplicity
- Compatible and tested with common3 nixos deployment tools
nix build result on Nov 19 2024, 1465128 bytes.
nixos-rebuild, apply, colmena was confirmed supported