mirror of
https://github.com/ryantm/agenix.git
synced 2024-11-22 17:50:48 +03:00
Add notice about password-protected ssh keys
This commit is contained in:
parent
d42ba6964b
commit
8af97149b2
1 changed files with 1 additions and 0 deletions
|
@ -19,6 +19,7 @@ All files in the Nix store are readable by any system user, so it is not a suita
|
|||
|
||||
## Notices
|
||||
|
||||
* Password-protected ssh keys: since the underlying tool age/rage do not support ssh-agent, password-protected ssh keys do not work well. For example, if you need to rekey 20 secrets you will have to enter your password 20 times.
|
||||
* If you want to manage user's hashed passwords, you must use a version of NixOS with [commit e6b8587](https://github.com/NixOS/nixpkgs/commit/e6b8587b25a19528695c5c270e6ff1c209705c31), so the root-owned secrets can be decrypted before the user activation script runs. Currently only available on `unstable`.
|
||||
|
||||
## Installation
|
||||
|
|
Loading…
Reference in a new issue