Secret managing scheme for NixOS
Highly inspired by agenix-rekey and sops-nix.
- Based on age rust implementation
- Parallel encryption at host granularity
- Support secure identity with passphrase
- Support template for reusing insensitive stanza
- Support Yubikey PIV with age-yubikey-plugin
- Fits well with new
sysusernixos userborn machenism - Design with flake-parts and modulized flake
- Compatible and tested with common nixos deployment tools
See docs