mirror of
https://github.com/Mic92/sops-nix.git
synced 2025-12-26 14:14:58 +08:00
templates: improve docs
This commit is contained in:
Jörg Thalheim
parent
c89ee06488
commit
a915a2d7af
1 changed files with 48 additions and 19 deletions
43
README.md
43
README.md
|
|
@ -933,29 +933,58 @@ can be used together with sops-nix.
|
|||
|
||||
## Templates
|
||||
|
||||
If you need secrets in a configuration file you can use the template feature to interpolate them:
|
||||
If your setup requires embedding secrets within a configuration file, the `template` feature of `sops-nix` provides a seamless way to do this.
|
||||
|
||||
Here's how to use it:
|
||||
|
||||
1. **Define Your Secret**
|
||||
|
||||
Specify the secrets you intend to use. This will be encrypted and managed securely by `sops-nix`.
|
||||
|
||||
```nix
|
||||
{
|
||||
sops.secrets.your-secret = { };
|
||||
# At activation file, sops-nix will replace the placeholder with the configuration content
|
||||
}
|
||||
```
|
||||
|
||||
2. **Use Templates for Configuration with Secrets**
|
||||
|
||||
Create a template for your configuration file and utilize the placeholder where you'd like the secret to be inserted.
|
||||
During the activation phase, `sops-nix` will substitute the placeholder with the actual secret content.
|
||||
|
||||
```nix
|
||||
{
|
||||
sops.templates."your-config-with-secrets.toml".content = ''
|
||||
password = "${config.sops.placeholder.your-secret}"
|
||||
'';
|
||||
sops.templates."your-config-with-secrets.toml".owner = "servicuser";
|
||||
}
|
||||
```
|
||||
|
||||
You can also define ownership properties for the configuration file:
|
||||
|
||||
```nix
|
||||
{
|
||||
sops.templates."your-config-with-secrets.toml".owner = "serviceuser";
|
||||
}
|
||||
```
|
||||
|
||||
3. **Reference the Rendered Configuration in Services**
|
||||
|
||||
When defining a service (e.g., using `systemd`), refer to the rendered configuration (with secrets in place) by leveraging the `.path` attribute.
|
||||
|
||||
```nix
|
||||
{
|
||||
systemd.services.myservice = {
|
||||
# ...
|
||||
# ... (any other service attributes)
|
||||
|
||||
serviceConfig = {
|
||||
# you can refer to the rendered configuration with the secrets using the .path attribute.
|
||||
ExecStart = "${pkgs.myservice}/bin/myservice --config ${config.sops.templates."your-config-with-secrets.toml".path}";
|
||||
User = "serviceuser"
|
||||
User = "serviceuser";
|
||||
};
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
|
||||
## Related projects
|
||||
|
||||
- [agenix](https://github.com/ryantm/agenix): Similar features as sops-nix but
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue