Diffstat (limited to '')
-rw-r--r-- | 2024/talks/secrets.md | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/2024/talks/secrets.md b/2024/talks/secrets.md index c6e4eae9..b6b75dca 100644 --- a/2024/talks/secrets.md +++ b/2024/talks/secrets.md 
@@ -40,10 +40,10 @@ My name is Jonathan Otsuka. I have a background in software development and SRE/ - A: The biggest use case that I've been using it recently is, Bitbucket has a way to... In a repository, you can store non-secrets and secrets. So we're trying to move the secrets into the repository and then allow the engineers to have access to that. Bitbucket variables is a black box. Since the devs can access it, it's manual work for everybody that has to deal with it. Since we're moving SOPS-encrypted files into the repo, now there's that trackability from who made the change and what it changed from, what did it go to, and just things like that. You can use it anytime you'd want to commit them. - Q: One limitation with guix (similar package manager to nix) is there is no great way of storing secrets in the store, would SOPS be useful for this? - nixos - - [https://github.com/Mic92/sops-nix](https://github.com/Mic92/sops-nix){rel="noreferrer noopener"} - - [https://nixos.wiki/wiki/Comparison_of_secret_managing_schemes](https://nixos.wiki/wiki/Comparison_of_secret_managing_schemes){rel="noreferrer noopener"} + [https://github.com/Mic92/sops-nix](https://github.com/Mic92/sops-nix) + - [https://nixos.wiki/wiki/Comparison_of_secret_managing_schemes](https://nixos.wiki/wiki/Comparison_of_secret_managing_schemes) - guix - - [https://github.com/fishinthecalculator/sops-guix](https://github.com/fishinthecalculator/sops-guix){rel="noreferrer noopener"} + [https://github.com/fishinthecalculator/sops-guix](https://github.com/fishinthecalculator/sops-guix) - I think so, but I don't know how that package manager works, if it's just like some sort of "you decrypt and then you run the package manager," then yeah, that's a lot of our workflows. If we're doing a deployment and the container needs it, we'll decrypt, put that in whatever place, or source it if it's an environment file for the container, and then pass it in. I think it'd be a great choice there. 
- Q:Wacky question: what happens in sops-mode if you encrypt the already encrypted file as if it was plaintext? - A: You know, I might have actually accidentally did that today. I didn't actually see the resulting file. But that's a great question. Well, it's technically still binary, isn't it, at the end? You've got binary stuff that is being encrypted again. It's just double encryption. I'm pretty sure it works. |
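Review bot: In the nixos and guix link lists, the added sops-nix and sops-guix lines read `+ [https://github.com/Mic92/sops-nix](...)` and `+ [https://github.com/fishinthecalculator/sops-guix](...)` with no leading `- ` list marker, while the lines they replace and the added nixos.wiki line all keep it. If the intent is only to strip the `{rel="noreferrer noopener"}` attribute, restore the marker on those two lines so they still render as sub-items under "nixos" and "guix" instead of folding into the parent bullet. Separately, nothing visible here says why the `rel` attribute is dropped on these three external links. If the site generator opens external links in a new tab, confirm that it adds `noopener`/`noreferrer` itself, and state the reason for the removal in the commit message.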