Vaultix

Secret Manage Scheme for NixOS

This project is highly inspired by agenix-rekey and sops-nix.

Based on age rust implementation
Parallel encryption at host granularity
Support secure identity with passphrase
Support template for reusing insensitive stanza
Support Yubikey PIV with age-yubikey-plugin
Small closure size increase¹
Fits well with new sysuser nixos userborn machenism²
Design with flake-parts and modulized flake
Written in Rust for speed, safety, and simplicity
Compatible and tested with common³ nixos deployment tools

¹

nix build result on Nov 19 2024, 1465128 bytes.

²

See merged pr 270727 and 332719

³

nixos-rebuild, apply, colmena was confirmed supported