mirror of
https://github.com/Mic92/sops-nix.git
synced 2025-12-26 14:14:58 +08:00
document templates
parent
4f0f113b7d
commit
429007f7f3
1 changed files with 24 additions and 0 deletions
24
README.md
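--- a/README.md
+++ b/README.md
@@ -931,6 +931,30 @@ securely in your version control, e.g.
 [git-agecrypt](https://github.com/vlaci/git-agecrypt). These types of solutions
 can be used together with sops-nix.
 
+## Templates
+
+If you need secrets in a configuration file you can use the template feature to interpolate them:
+
+```nix
+{
+sops.secrets.your-secret = { };
+# At activation file, sops-nix will replace the placeholder with the configuration content
+sops.templates."your-config-with-secrets.toml".content = ''
+password = "${config.sops.placeholder.your-secret}"
+'';
+sops.templates."your-config-with-secrets.toml".owner = "servicuser";
+
+systemd.services.myservice = {
+# ...
+serviceConfig = {
+# you can refer to the rendered configuration with the secrets using the .path attribute.
+ExecStart = "${pkgs.myservice}/bin/myservice --config ${config.sops.templates."your-config-with-secrets.toml".path}";
+User = "serviceuser"
+};
+};
+}
+```
+
 
 ## Related projects
 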