Merge pull request #34 from edrex/patch-1

Extend the tutorial to describe location of decrypted secrets
This commit is contained in:
Ryan Mulligan 2021-05-06 06:18:42 -07:00 committed by GitHub
commit c12ac8b6f3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -161,8 +161,11 @@ but, if you want to (change the system based on your system):
```nix ```nix
age.secrets.secret1.file = ../secrets/secret1.age; age.secrets.secret1.file = ../secrets/secret1.age;
``` ```
5. NixOS rebuild or use your deployment tool like usual. 5. NixOS rebuild or use your deployment tool like usual.
The secret will be decrypted to the value of `age.secrets.secret1.path` (`/run/secrets/secret1` by default). For per-secret options controlling ownership etc, see [modules/age.nix](modules/age.nix).
## Rekeying ## Rekeying
If you change the public keys in `secrets.nix`, you should rekey your If you change the public keys in `secrets.nix`, you should rekey your