mirror of
https://github.com/ryantm/agenix.git
synced 2024-11-22 01:30:48 +03:00
commit
0d5e59ed64
1 changed files with 12 additions and 0 deletions
12
README.md
12
README.md
|
@ -304,6 +304,18 @@ authentication code (MAC) like other implementations like GPG or
|
|||
[sops](https://github.com/Mic92/sops-nix) have, however this was left
|
||||
out for simplicity in `age`.
|
||||
|
||||
### builtins.readFile anti-pattern
|
||||
|
||||
```nix
|
||||
{
|
||||
# Do not do this!
|
||||
config.password = builtins.readFile config.age.secrets.secret1.path;
|
||||
}
|
||||
```
|
||||
|
||||
This can cause the cleartext to be placed into the world-readable Nix
|
||||
store. Instead, have your services read the cleartext path at runtime.
|
||||
|
||||
## Acknowledgements
|
||||
|
||||
This project is based off of [sops-nix](https://github.com/Mic92/sops-nix) created Mic92. Thank you to Mic92 for inspiration and advice.
|
||||
|
|
Loading…
Reference in a new issue