Prune old secrets generations

Closes #128
Janne Heß 2021-11-06 21:29:22 +01:00
parent 517628cc1d
commit af29ac4d84
GPG key ID: 69165158F05265DF
3 changed files with 95 additions and 0 deletions


@ -110,6 +110,7 @@ let
# Does this need to be configurable?
secretsMountPoint = "/run/secrets.d";
symlinkPath = "/run/secrets";
keepGenerations = cfg.keepGenerations;
gnupgHome = cfg.gnupg.home;
sshKeyPaths = cfg.gnupg.sshKeyPaths;
ageKeyFile = cfg.age.keyFile;
@ -164,6 +165,14 @@ in {
'';
};
keepGenerations = mkOption {
type = types.ints.unsigned;
default = 1;
description = ''
Number of secrets generations to keep. Setting this to 0 disables pruning.
'';
};
log = mkOption {
type = types.listOf (types.enum [ "keyImport" "secretChanges" ]);
default = [ "keyImport" "secretChanges" ];