dotfiles/flakes/secrets-bao
RingOfStorms (Joshua Bell) 07d87070f1 idk more stuff
2026-01-06 21:07:49 -06:00
flake.nix idk more stuff 2026-01-06 21:07:49 -06:00
nixos-module.nix idk more stuff 2026-01-06 21:07:49 -06:00
readme.md Add secrets-bao with sec CLI; use in hosts; fix git helpers 2026-01-06 20:05:14 -06:00

  • Create a machine in Zitadel and generate a key. Put that at /machine-key.json
  • sudo chmod

CLI

If ringofstorms.secretsBao.enable = true, you also get a sec helper.

It reads /run/openbao/* files, so it will sudo itself if needed.

  • sec <kv-path> [field] reads a field (default: value) from KV v2.
  • It reuses /run/openbao/vault-agent.token when available; otherwise it logs in via the same JWT auth mount path using /run/openbao/zitadel.jwt.

Example:

  • sec machines/home_roaming/test value
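
The lookup flow described above, as an added sketch against the OpenBao HTTP API (not the sec script shipped in this repo). The KV mount name kv, auth mount jwt, role machine and the BAO_ADDR default are assumptions; curl and jq are required for the network calls.

```shell
# Added sketch, not this repo's sec helper. Assumed values are marked below.
RUN_DIR="${RUN_DIR:-/run/openbao}"
BAO_ADDR="${BAO_ADDR:-http://127.0.0.1:8200}"  # assumption: local OpenBao address
KV_MOUNT="${KV_MOUNT:-kv}"                      # assumption: KV v2 mount name
JWT_MOUNT="${JWT_MOUNT:-jwt}"                   # assumption: JWT auth mount path
JWT_ROLE="${JWT_ROLE:-machine}"                 # assumption: role bound to the machine

# KV v2 reads go through <mount>/data/<path>, not <mount>/<path>.
kv2_url() { printf '%s/v1/%s/data/%s\n' "$BAO_ADDR" "$KV_MOUNT" "$1"; }

# Prefer the agent-managed token; fall back to the Zitadel JWT.
auth_source() {
  if [ -s "$RUN_DIR/vault-agent.token" ]; then echo token
  elif [ -s "$RUN_DIR/zitadel.jwt" ]; then echo jwt
  else echo none; return 1
  fi
}

# Print a client token. The JWT login body is sent on stdin, never in argv.
get_token() {
  case "$(auth_source)" in
    token) cat "$RUN_DIR/vault-agent.token" ;;
    jwt)
      jq -n --arg role "$JWT_ROLE" --rawfile jwt "$RUN_DIR/zitadel.jwt" \
          '{role: $role, jwt: ($jwt | rtrimstr("\n"))}' |
        curl -fsS -X POST --data @- "$BAO_ADDR/v1/auth/$JWT_MOUNT/login" |
        jq -er '.auth.client_token' ;;
    *) echo "no credential found in $RUN_DIR" >&2; return 1 ;;
  esac
}

# sec_read <kv-path> [field]: field defaults to "value".
sec_read() {
  path="$1"; field="${2:-value}"
  token="$(get_token)" || return 1
  # Pass the token header via curl's stdin config so it is not visible in ps.
  printf 'header = "X-Vault-Token: %s"\n' "$token" |
    curl -fsS --config - "$(kv2_url "$path")" |
    jq -er --arg f "$field" '.data.data[$f]'
}
```

sec_read machines/home_roaming/test value mirrors the example above; jq -e makes a missing field a non-zero exit instead of printing null.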