Where to store passwords in NixOS?
NixOS keeps the configuration of the whole system, passwords included, and that is obviously insecure. In this article we look at where Nix users hide their passwords.
New article on my blog: managing your secrets with #sops
https://xieme-art.org/post/gerer-ses-secrets-avec-sops/
With usage examples throughout: scripts, #kubernetes and #Nix.
Managing #GitHub repositories and secrets with #OpenTofu, #SOPS, and #1Password.
https://eshlox.net/managing-github-repos-secrets-opentofu-sops-1password

A practical guide to managing GitHub repository settings, environments, and secrets as code using OpenTofu, SOPS encryption, and 1Password. Covers project structure, configuration patterns, and step-by-step setup.
SOPS is a CLI tool that encrypts and decrypts files. But can you use it declaratively?
Andrew Block explains in this 🌩️ Thunder episode:
https://youtu.be/9jgKuHzaYpU
GPG, AWS KMS, GCP KMS, Azure Key Vault — why learn four CLIs when one will do?
Andrew Block explains how SOPS gives you one interface for all of them in this 🌩️ Thunder episode:
https://youtu.be/9jgKuHzaYpU
Helm or Kustomize? The real question is: how do you get secrets into either one safely?
Andrew Block explains how SOPS integrates with both in this 🌩️ Thunder episode: https://youtu.be/9jgKuHzaYpU
Database credentials, SSH keys, Kubernetes secrets — how do you protect them all without juggling different tools?
Andrew Block explains in this 🌩️ Thunder episode: https://youtu.be/9jgKuHzaYpU
Wrote a post about setting up sops and the sops-operator on a #homelab #kubernetes cluster
https://unixorn.github.io/post/homelab/k8s/03-secret-management-with-sops/
This is part 3 of my Kubernetes homelab cluster setup series. The cluster is up, but it isn't very usable yet. Before we add any services, we need to set up secrets management. In this post, we're going to add secret management to the cluster with sops and age so we can safely check our configuration into git.

Talos Kubernetes Homelab Setup Series
Part 1 - Setting up Talos with a Cilium CNI on proxmox
Part 2 - Add SSL to Kubernetes using Cilium, cert-manager and LetsEncrypt with domains hosted on Amazon Route 53
Part 3 - Secret Management with SOPS

Prerequisites
- A working kubernetes cluster. I'm using Talos for mine, but regular kubernetes or k3s clusters will work too. If you need to set up a new cluster, or configure an existing one to use Cilium, read part one of this series.
- cilium, kubectl & helm - if you don't want to brew install them, install instructions are at cilium.io, helm.sh and kubectl.
- sops and age. On a Mac, you can run brew install sops age. If you're using Linux or Windows, use the age installation instructions and sops installation instructions.

Goal
I have my cluster configuration in git so that it's easy to recreate if I break something while experimenting. I don't want to commit secrets into git in cleartext though. Instead, I want to encrypt our secrets in a way that the cluster can decrypt them, but they're safe to check into source control.
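The goal stated above (secrets encrypted so the cluster can decrypt them, yet safe to commit) is easy to break by accident: committing a Secret whose values are merely base64, or running sops without an encrypted_regex so that kind and metadata get encrypted too and kubectl or the operator can no longer read the manifest. The following is an added example, not code from the post above nor from the sops or sops-operator projects: a pre-commit style checker for sops-encrypted Kubernetes Secret manifests. It reads JSON manifests (sops handles JSON as well as YAML) so it needs only the standard library. The sample manifests, the age recipient and every ENC[...] string are constructed placeholders, not real sops output.

```python
"""Added example: refuse to commit a Kubernetes Secret manifest whose
data/stringData values are not SOPS-encrypted. Standard library only."""
import json
import re
import sys

# Shape sops gives every encrypted leaf value (AES256-GCM, base64 fields).
ENC_VALUE = re.compile(
    r"^ENC\[AES256_GCM,data:[A-Za-z0-9+/=]*,iv:[A-Za-z0-9+/=]*,"
    r"tag:[A-Za-z0-9+/=]*,type:(?:str|int|float|bool|comment)\]$"
)

# Key groups sops can record in its metadata block.
KEY_GROUPS = ("age", "kms", "gcp_kms", "azure_kv", "hc_vault", "pgp")


def check_secret_manifest(doc):
    """Return a list of problems; an empty list means safe to commit."""
    kind = doc.get("kind")
    if isinstance(kind, str) and ENC_VALUE.match(kind):
        # Whole-file encryption: kubectl/sops-operator cannot read kind or metadata.
        return ["kind: whole file is encrypted; re-encrypt with "
                "encrypted_regex ^(data|stringData)$ so kind and metadata stay readable"]
    if kind != "Secret":
        return []  # only Secret manifests carry sensitive values
    problems = []
    for field in ("data", "stringData"):
        for key, value in (doc.get(field) or {}).items():
            # base64 in .data is encoding, not encryption; it must be ENC[...]
            if not (isinstance(value, str) and ENC_VALUE.match(value)):
                problems.append(f"{field}.{key}: value is not SOPS-encrypted")
    meta = doc.get("sops")
    if not isinstance(meta, dict):
        problems.append("sops: metadata block missing, file was never encrypted")
        return problems
    if not meta.get("mac"):
        problems.append("sops.mac: missing, integrity of the file cannot be verified")
    if not any(meta.get(group) for group in KEY_GROUPS):
        problems.append("sops: no key group (age/kms/pgp/...) present, nobody can decrypt")
    return problems


def check_file(path):
    """Load one JSON manifest from disk and check it."""
    with open(path, encoding="utf-8") as fh:
        return check_secret_manifest(json.load(fh))


def main(argv):
    """Exit non-zero if any manifest given on the command line is unsafe."""
    bad = 0
    for path in argv:
        for problem in check_file(path):
            print(f"{path}: {problem}")
            bad += 1
    return 1 if bad else 0


# Constructed sample of a Secret encrypted with encrypted_regex ^(data|stringData)$.
# The recipient and all ENC[...] strings are synthetic placeholders.
ENCRYPTED_SAMPLE = {
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "db-credentials", "namespace": "default"},
    "type": "Opaque",
    "stringData": {
        "username": "ENC[AES256_GCM,data:Zm9v,iv:aXY=,tag:dGFn,type:str]",
        "password": "ENC[AES256_GCM,data:YmFy,iv:aXY=,tag:dGFn,type:str]",
    },
    "sops": {
        "age": [{"recipient": "age1placeholderrecipient", "enc": "placeholder"}],
        "mac": "ENC[AES256_GCM,data:bWFj,iv:aXY=,tag:dGFn,type:str]",
        "encrypted_regex": "^(data|stringData)$",
        "version": "3.9.0",
    },
}

# Constructed sample of the classic mistake: base64("hunter2") committed as-is.
PLAINTEXT_SAMPLE = {
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "db-credentials"},
    "type": "Opaque",
    "data": {"password": "aHVudGVyMg=="},
}

# Constructed sample of `sops -e` run without an encrypted_regex: kind is ciphertext.
WHOLE_FILE_SAMPLE = {
    "apiVersion": "ENC[AES256_GCM,data:djE=,iv:aXY=,tag:dGFn,type:str]",
    "kind": "ENC[AES256_GCM,data:U2VjcmV0,iv:aXY=,tag:dGFn,type:str]",
    "sops": {"age": [{"recipient": "age1placeholderrecipient", "enc": "placeholder"}],
             "mac": "ENC[AES256_GCM,data:bWFj,iv:aXY=,tag:dGFn,type:str]"},
}

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

In practice the file is produced with sops -e --encrypted-regex '^(data|stringData)$' secret.json > secret.enc.json (or the same encrypted_regex in a .sops.yaml creation_rules entry alongside the age recipient), and the checker runs in a pre-commit hook over every *.enc.json the commit touches. The whole-file check matters because a fully encrypted manifest still looks "encrypted" in a diff but cannot be applied by kubectl or reconciled by the operator until it is re-encrypted with only the value fields covered.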