agenix-shell

agenix-shell is the agenix counterpart for devShell. It provides options used to define a shellHook that, when added to your devShell, automatically decrypts secrets and exports them.

Here's a template you can start from.

Installation

To use these options, add to your flake inputs:

agenix-shell.url = "github:aciceri/agenix-shell";

and inside the mkFlake:

imports = [
  inputs.agenix-shell.flakeModules.default
];

Run nix flake lock and you're set.
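The installation steps above combined with the options documented below, as an added example that is not taken from the project's own template. It assumes flake-parts and nixpkgs inputs, a hypothetical secret file ./secrets/api-token.age, and that the generated installationScript is sourced from the shellHook.

```nix
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    flake-parts.url = "github:hercules-ci/flake-parts";
    agenix-shell.url = "github:aciceri/agenix-shell";
  };

  outputs = inputs @ { flake-parts, ... }:
    flake-parts.lib.mkFlake { inherit inputs; } {
      imports = [
        inputs.agenix-shell.flakeModules.default
      ];

      systems = [ "x86_64-linux" ];

      agenix-shell = {
        # Only try one identity instead of the default ed25519 + rsa pair.
        identityPaths = [ "$HOME/.ssh/id_ed25519" ];

        secrets = {
          # Hypothetical secret; the .age file must be encrypted to the
          # public key matching the identity above.
          api_token = {
            file = ./secrets/api-token.age;
            name = "API_TOKEN"; # variable that will hold the secret value
            mode = "0400";      # owner read-only (this is also the default)
          };
        };
      };

      perSystem = { config, lib, pkgs, ... }: {
        devShells.default = pkgs.mkShell {
          # Assumption: the script is sourced so that its exports land in
          # the interactive shell rather than in a child process.
          shellHook = ''
            source ${lib.getExe config.agenix-shell.installationScript}
          '';
        };
      };
    };
}
```

Every process started from this shell inherits API_TOKEN in its environment; a tool that can read the secret from a file can instead be given the path exported in the namePath variable.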

Options

agenix-shell.flakeName

Command returning the name of the flake, used as part of the secrets path.

Type: string

Default: "git rev-parse --show-toplevel | xargs basename"

Declared by:

agenix-shell.identityPaths

Paths to SSH keys to be used as identities in age decryption.

Type: list of string

Default:

[
  "$HOME/.ssh/id_ed25519"
  "$HOME/.ssh/id_rsa"
]

Declared by:

agenix-shell.secrets

Attrset of secrets.

Type: attribute set of (submodule)

Example:

{
  foo.file = "secrets/foo.age";
  bar = {
    file = "secrets/bar.age";
    mode = "0440";
  };
}

Declared by:

agenix-shell.secrets.<name>.file

Age file the secret is loaded from.

Type: path

Declared by:

agenix-shell.secrets.<name>.mode

Permissions mode of the decrypted secret in a format understood by chmod.

Type: string

Default: "0400"

Declared by:

agenix-shell.secrets.<name>.name

Name of the variable containing the secret.

Type: valid shell variable name (string matching the pattern ^[_A-Za-z][_A-Za-z0-9]+$)

Default: <name>

Declared by:

agenix-shell.secrets.<name>.namePath

Name of the variable containing the path to the secret.

Type: valid shell variable name (string matching the pattern ^[_A-Za-z][_A-Za-z0-9]+$)

Default: <name>_PATH

Declared by:

agenix-shell.secrets.<name>.path

Path where the decrypted secret is installed.

Type: string

Default: "${config.agenix-shell.secretsPath}/<name>"

Declared by:

agenix-shell.secretsPath

Where the secrets are stored.

Type: string

Default: "/run/user/$(id -u)/agenix-shell/$(${config.agenix-shell.flakeName})/$(uuidgen)"

Declared by:

perSystem.agenix-shell.agePackage

The age package to use.

Type: package

Default: pkgs.rage

Declared by:

perSystem.agenix-shell.installationScript

Script that exports secrets as variables; it is meant to be used as a hook in devShells.

Type: package

Default: An automatically generated package

Declared by: