dotfiles/flakes/secrets-bao/readme.md at 792a63bebf07a0d023192bc5888d4a7fa8648b01 - ringofstorms/dotfiles - Josh's Git

ringofstorms/dotfiles

RingOfStorms (Joshua Bell) f8f93a97dc Add secrets-bao with sec CLI; use in hosts; fix git helpers

2026-01-06 20:05:14 -06:00

516 B

Raw Blame History

Create machine in zitadel and generate a key. Put that at /machine-key.json
sudo chmod

CLI

If ringofstorms.secretsBao.enable = true, you also get a sec helper.

It reads /run/openbao/* files, so it will sudo itself if needed.

sec <kv-path> [field] reads a field (default: value) from KV v2.
It reuses /run/openbao/vault-agent.token when available, otherwise it logs in via the same jwt auth mount path using /run/openbao/zitadel.jwt.

Example:

sec machines/home_roaming/test value