dotfiles

History

RingOfStorms (Joshua Bell) 792a63bebf Add tmpfiles placeholders for secrets and ensure parent dirs		2026-01-09 18:32:37 -06:00
..
flake.nix	idk more stuff	2026-01-06 21:07:49 -06:00
nixos-module.nix	Add tmpfiles placeholders for secrets and ensure parent dirs	2026-01-09 18:32:37 -06:00
readme.md	Add secrets-bao with sec CLI; use in hosts; fix git helpers	2026-01-06 20:05:14 -06:00

CLI

If ringofstorms.secretsBao.enable = true, you also get a sec helper.

It reads /run/openbao/* files, so it will sudo itself if needed.

sec <kv-path> [field] reads a field (default: value) from KV v2.
It reuses /run/openbao/vault-agent.token when available, otherwise it logs in via the same jwt auth mount path using /run/openbao/zitadel.jwt.

Example: