sops nixos
Shhh it's a secret
If you are using an SSH key, it cannot be password protected; otherwise the process will fail. You can store the key file wherever you'd like, but a common location is ~/.config/sops/age/keys.txt
Generate a non-reproducible key:
nix shell nixpkgs#age -c age-keygen -o ~/.config/sops/age/keys.txt
Use an SSH key and be able to recreate your sops key file as needed:
nix run nixpkgs#ssh-to-age -- -private-key -i ~/.ssh/private > ~/.config/sops/age/keys.txt
You will need to generate a public key for your sops secret management:
nix shell nixpkgs#age -c age-keygen -y ~/.config/sops/age/keys.txt
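A pre-flight check for the key file written by either command above, as an added example that is not part of the original page. The function names and the sample key are hypothetical, and the SSH check assumes ssh-keygen is installed.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): pre-flight checks for the
# sops age key file. Function names are hypothetical.

# Succeeds only if the SSH private key loads with an empty passphrase,
# i.e. it is not password protected (and ssh-keygen can read it).
ssh_key_unprotected() {
  ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1
}

# Prints "ok" and returns 0 when the key file looks usable; otherwise
# prints the problem and returns 1.
check_age_keyfile() {
  local f="$1" perms count
  [ -f "$f" ] || { echo "missing"; return 1; }
  # Characters 5-10 of `ls -l` are the group and other permission bits.
  perms=$(ls -ld "$f" | cut -c5-10)
  [ "$perms" = "------" ] || { echo "readable by group or others"; return 1; }
  # A failed `ssh-to-age ... > keys.txt` still leaves an empty file,
  # because the shell creates the redirect target before the command runs.
  [ -s "$f" ] || { echo "empty"; return 1; }
  # Expect at least one secret key line; any other line must be a
  # comment or blank.
  count=$(grep -c '^AGE-SECRET-KEY-1' "$f" || true)
  [ "$count" -ge 1 ] || { echo "no secret key line"; return 1; }
  if grep -qv -e '^AGE-SECRET-KEY-1' -e '^#' -e '^$' "$f"; then
    echo "unexpected content"; return 1
  fi
  echo "ok"
}

# Demo on a constructed key file (the key below is a made-up placeholder).
demo() {
  local dir
  dir=$(mktemp -d)
  (umask 077; printf '# constructed sample\nAGE-SECRET-KEY-1PLACEHOLDERNOTAREALKEY\n' > "$dir/keys.txt")
  check_age_keyfile "$dir/keys.txt" || true
  chmod 644 "$dir/keys.txt"
  check_age_keyfile "$dir/keys.txt" || true
  rm -rf "$dir"
}
demo
```

Because the redirect in the ssh-to-age command truncates keys.txt before the conversion runs, running ssh_key_unprotected on the SSH key first avoids overwriting a working key file with an empty one.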