commit 716a6839cd9983f04890ca4c26c1701e5d8d861c
parent 0a2e4940803a4ce956ccbd04643f013dec100504
Author: Tomas Hlavaty <tom@logand.com>
Date: Sun, 22 Sep 2019 23:37:35 +0200
formatting
Diffstat:
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/README b/README
@@ -175,6 +175,11 @@ the target machine configuration.nix:
Nix does not address management of secrets.
+Some NixOS deployment tools try to handle it by creating the secret
+keys somewhere and then pushing them to the target machines. I am not
+convinced that this is the right approach. Secrets should not be
+pushed around unnecessarily.
+
What I do, for example, for tinc:
- define the tinc service with empty fields for unknown public keys
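Review bot: in the first added line, "try to handle it" leaves the pronoun to the reader; now that the paragraph sits directly under "Nix does not address management of secrets.", write "try to handle this" or "try to handle secrets" so the sentence stands on its own. The commit subject "formatting" also undersells the change: the paragraph is relocated, not reformatted, and this alters the order of the argument (objection first, then the tinc procedure). A subject such as "README: move note on pushing secrets above tinc example" would make the history easier to search.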
@@ -187,8 +192,3 @@ What I do, for example, for tinc:
- deploy the tinc service for the second time, this time with the
public key already filled in
-
-Some NixOS deployment tools try to handle it by creating the secret
-keys somewhere and then pushing them to the target machines. I am not
-convinced that this is the right approach. Secrets should not be
-pushed around unnecessarily.
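Review bot: with the trailing paragraph removed, the section now ends on the list item "public key already filled in" with no closing statement. Consider adding one sentence after the list that ties the two-pass tinc deployment back to the point made above it, that secrets are not pushed to the target machines, so a reader who skips to the procedure still sees why it is done in two deployments.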