agenix-shell
agenix-shell is the agenix counterpart for devShell.
It provides options used to define a shellHook that, when added to your devShell, automatically decrypts secrets and export them.
Here's a template you can start from.
Installation
To use these options, add to your flake inputs:
agenix-shell.url = "github:aciceri/agenix-shell";
and inside the mkFlake:
imports = [
inputs.agenix-shell.flakeModules.default
];
Run nix flake lock and you're set.
Options
agenix-shell.identityPaths
Path to SSH keys to be used as identities in age decryption.
Type: list of string
Default:
[
"$HOME/.ssh/id_ed25519"
"$HOME/.ssh/id_rsa"
]
Declared by:
agenix-shell.secrets
Attrset of secrets.
Type: attribute set of (submodule)
Example:
{
foo.file = "secrets/foo.age";
bar = {
file = "secrets/bar.age";
mode = "0440";
};
}
Declared by:
agenix-shell.secrets.<name>.file
Age file the secret is loaded from.
Type: absolute path
Declared by:
agenix-shell.secrets.<name>.mode
Permissions mode of the decrypted secret in a format understood by chmod.
Type: string
Default:
"0400"
Declared by:
agenix-shell.secrets.<name>.name
Name of the variable containing the secret.
Type: valid shell variable name (string matching the pattern ^[_A-Za-z][_A-Za-z0-9]+$)
Default:
<name>
Declared by:
agenix-shell.secrets.<name>.namePath
Name of the variable containing the path to the secret.
Type: valid shell variable name (string matching the pattern ^[_A-Za-z][_A-Za-z0-9]+$)
Default:
<name>_PATH
Declared by:
perSystem.agenix-shell.agePackage
The age package to use.
Type: package
Default:
pkgs.rage
Declared by:
perSystem.agenix-shell.installationScript
Script that exports secrets as variables, it’s meant to be used as hook in devShells.
Type: package
Default: An automatically generated package
Declared by: