I'm wondering how to organise my secrets without specifying every single one of them explicitly.
Is there some mechanism to specify glob patterns or regexes in the secrets.nix file?
It would be nice to be able to specify something like this:
In this example every host should be able to access anything in his directory and the backup-admin should additionally be able to access the backup-keys for all hosts (but not the other files of all hosts).
└── hosts
    ├── host1
    │   ├── backup-key  # Readable by 'host1' and 'backup-admin'
    │   └── ssh-key     # Readable by 'host1'
    └── host2
        ├── backup-key  # Readable by 'host2' and 'backup-admin'
        └── ssh-key     # Readable by 'host2'
Is this possible?
Thanks for opening this issue. Currently, there is no support for globbing in ragenix.
We are struggling a bit with your request. On one hand, we certainly acknowledge that such a feature could be useful. On the other hand, we appreciate explicitness when dealing with secrets.
Maybe we could strike a balance by introducing an additional flag glob which defaults to false:
I think #52 (with lib support) can lead to similar results while relying on the Nix language for string manipulation, rather than a "magical" Rust implementation of globbing.
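One way to get the layout from the question with plain Nix builtins in secrets.nix, so the rule set is generated from a closed list of hosts and file names instead of a filesystem glob. This is an added example, not code from the thread or from ragenix; the public keys are placeholders, and the `.age` suffix and the `hosts/<host>/<file>` paths are assumptions based on the tree above.

```nix
# secrets.nix (added example; every key below is a constructed placeholder)
let
  # Recipient public keys. Replace with real keys; these are not valid.
  backupAdmin = "ssh-ed25519 AAAA...placeholder-backup-admin";
  hosts = {
    host1 = "ssh-ed25519 AAAA...placeholder-host1";
    host2 = "ssh-ed25519 AAAA...placeholder-host2";
  };

  # Secret files every host has, mapped to the recipients that may read
  # them in addition to the owning host.
  perHostSecrets = {
    "backup-key" = [ backupAdmin ]; # host + backup-admin
    "ssh-key" = [ ];                # host only
  };

  # Build the rules for one host: one entry per file in perHostSecrets.
  rulesFor = host:
    map (file: {
      name = "hosts/${host}/${file}.age"; # assumed path layout and suffix
      value.publicKeys = [ hosts.${host} ] ++ perHostSecrets.${file};
    }) (builtins.attrNames perHostSecrets);
in
# Result is the usual attribute set of path -> { publicKeys = [ ... ]; }.
builtins.listToAttrs (builtins.concatMap rulesFor (builtins.attrNames hosts))
```

Because nothing is matched against the filesystem, a file added under `hosts/` gains no recipients until it is listed in `perHostSecrets`. Running `nix-instantiate --eval --strict secrets.nix` prints the fully expanded rules for review.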