tdpeuter/bos55-nix-config-cicd
1
Fork 0
forked from Bos55/nix-config
Code Pull requests 1 Releases Packages Activity Actions
bos55-nix-config-cicd/modules/common/secrets.nix
Tibo De Peuter 1c437333f3
Some checks failed
Build / Determining hosts to build (push) Failing after 12m41s
Details
Build / build (Development) (push) Has been cancelled
Details
Build / build (Testing) (push) Has been cancelled
Details
feat(security): implement metadata redaction and sops-nix migration 
Migrated authorized SSH keys and personal metadata (emails, tokens) to sops-nix to prevent infrastructure fingerprinting. Introduced centralized secrets module with placeholder fallbacks.
2026-03-17 19:41:31 +01:00

18 lines
509 B
Nix
Raw Permalink Blame History

{ config, lib, ... }:
{
sops.secrets = {
# -- User Public Keys (Anti-Fingerprinting) --
"user_keys_admin" = { neededForUsers = true; };
"user_keys_deploy" = { neededForUsers = true; };
"user_keys_backup" = { neededForUsers = true; };
# -- Infrastructure Metadata --
# Hugo TODO: Populate these in your .sops.yaml / secrets file
"acme_email" = {};
"cloudflare_dns_token" = {};
"pgadmin_email" = {};
"gitea_mailer_from" = {};
"vaultwarden_smtp_from" = {};
};
}
View git blame Copy permalink