dotfiles/flakes/secrets-bao
2026-01-06 20:05:14 -06:00
flake.nix Use conditional identityFile in SSH host configs 2026-01-06 16:11:04 -06:00
nixos-module.nix Add secrets-bao with sec CLI; use in hosts; fix git helpers 2026-01-06 20:05:14 -06:00
readme.md Add secrets-bao with sec CLI; use in hosts; fix git helpers 2026-01-06 20:05:14 -06:00

  • Create a machine in Zitadel and generate a key. Put it at /machine-key.json
  • sudo chmod

CLI

If ringofstorms.secretsBao.enable = true, you also get a sec helper.

It reads files under /run/openbao/, so it will re-run itself with sudo if needed.

  • sec <kv-path> [field] reads a field (default: value) from KV v2.
  • It reuses /run/openbao/vault-agent.token when available, otherwise it logs in via the same jwt auth mount path using /run/openbao/zitadel.jwt.

Example:

  • sec machines/home_roaming/test value
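
The token fallback described in the CLI section, sketched as an added example (this is not the repository's own sec script). The KV mount, jwt mount path and role names are hypothetical placeholders, and BAO_ADDR is assumed to be set in the environment.

```shell
#!/bin/sh
# Added sketch of the lookup order the readme describes; not the repo's sec script.
# Paths under RUN_DIR come from the readme. The three names below are assumptions.
RUN_DIR="${RUN_DIR:-/run/openbao}"
KV_MOUNT="${KV_MOUNT:-kv}"        # hypothetical KV v2 mount name
JWT_MOUNT="${JWT_MOUNT:-jwt}"     # hypothetical jwt auth mount path
JWT_ROLE="${JWT_ROLE:-machine}"   # hypothetical role bound to the Zitadel machine

# Print a client token: the agent's token if present and non-empty,
# otherwise log in with the Zitadel JWT.
sec_token() {
  if [ -s "$RUN_DIR/vault-agent.token" ]; then
    cat "$RUN_DIR/vault-agent.token"
  elif [ -s "$RUN_DIR/zitadel.jwt" ]; then
    # "jwt=-" makes bao read the value from stdin, so the JWT never
    # appears in the process argument list; tr drops a trailing newline.
    tr -d '\n' < "$RUN_DIR/zitadel.jwt" |
      bao write -field=token "auth/$JWT_MOUNT/login" role="$JWT_ROLE" jwt=-
  else
    echo "sec: no agent token or JWT under $RUN_DIR" >&2
    return 1
  fi
}

# sec_read <kv-path> [field]: the field defaults to "value", as in the readme.
sec_read() {
  [ -n "${1:-}" ] || { echo "usage: sec <kv-path> [field]" >&2; return 2; }
  token="$(sec_token)" || return 1
  # Subshell keeps BAO_TOKEN out of the caller's environment.
  ( export BAO_TOKEN="$token"
    bao kv get -mount="$KV_MOUNT" -field="${2:-value}" "$1" )
}
```

Source the file and call `sec_read machines/home_roaming/test` to mirror the example above.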