mirror of
https://github.com/milieuim/vaultix.git
synced 2026-02-27 12:45:20 +02:00
Secret managing scheme for NixOS
- Rust 66%
- Nix 33.6%
- Just 0.4%
c71bedd526* - flakehub cache action
* + bump cargo lock
* - pre commit lint
* + doc about some permisson issue
* - refine code
* + clippy hook
* - unuse deps
* + doc about submodule
* + fix typo
* flake.lock: Update
Flake lock file updates:
• Updated input 'crane':
'github:ipetkov/crane/aed2020fd3dc26e1e857d4107a5a67a33ab6c1fd?narHash=sha256-smpugNIkmDeicNz301Ll1bD7nFOty97T79m4GUMUczA%3D' (2025-07-03)
→ 'github:ipetkov/crane/b2f45c3830aa96b7456a4c4bc327d04d7a43e1ba?narHash=sha256-DrBaNpZ%2BsJ4stXm%2B0nBX7zqZT9t9P22zbk6m5YhQxS4%3D' (2026-01-30)
• Updated input 'flake-parts':
'github:hercules-ci/flake-parts/77826244401ea9de6e3bac47c2db46005e1f30b5?narHash=sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ%3D' (2025-07-01)
→ 'github:hercules-ci/flake-parts/80daad04eddbbf5a4d883996a73f3f542fa437ac?narHash=sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY%3D' (2026-01-11)
• Updated input 'flake-parts/nixpkgs-lib':
'github:nix-community/nixpkgs.lib/14a40a1d7fb9afa4739275ac642ed7301a9ba1ab?narHash=sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo%3D' (2025-06-29)
→ 'github:nix-community/nixpkgs.lib/2075416fcb47225d9b68ac469a5c4801a9c4dd85?narHash=sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo%3D' (2025-12-14)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/5c724ed1388e53cc231ed98330a60eb2f7be4be3?narHash=sha256-xVNy/XopSfIG9c46nRmPaKfH1Gn/56vQ8%2B%2BxWA8itO4%3D' (2025-07-04)
→ 'github:NixOS/nixpkgs/62c8382960464ceb98ea593cb8321a2cf8f9e3e5?narHash=sha256-kKB3bqYJU5nzYeIROI82Ef9VtTbu4uA3YydSk/Bioa8%3D' (2026-01-30)
• Updated input 'pre-commit-hooks':
'github:cachix/pre-commit-hooks.nix/16ec914f6fb6f599ce988427d9d94efddf25fe6d?narHash=sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg%3D' (2025-06-24)
→ 'github:cachix/pre-commit-hooks.nix/a8ca480175326551d6c4121498316261cbb5b260?narHash=sha256-Fok2AmefgVA0%2Beprw2NDwqKkPGEI5wvR%2BtwiZagBvrg%3D' (2026-02-01)
• Updated input 'pre-commit-hooks/flake-compat':
'github:edolstra/flake-compat/0f9255e01c2351cc7d116c072cb317785dd33b33?narHash=sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U%3D' (2023-10-04)
→ 'github:NixOS/flake-compat/5edf11c44bc78a0d334f6334cdaf7d60d732daab?narHash=sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns%3D' (2025-12-29)
• Updated input 'rust-overlay':
'github:oxalica/rust-overlay/9e5e62a33a929a67a5427fb7324a6f583dced0b2?narHash=sha256-dYO5X5jK8bpQOeRAo8R5aUt6M/%2BJi1cZgstZI7SQ2IA%3D' (2025-07-05)
→ 'github:oxalica/rust-overlay/bc00300f010275e46feb3c3974df6587ff7b7808?narHash=sha256-f1F/umtX3ZD7fF9DHSloVHc0mnAT0ry0YK2jI/6E0aI%3D' (2026-02-01)
* + make clippy happy
* + cargo audit check
|
||
|---|---|---|
| .github/workflows | ||
| apps | ||
| dev | ||
| doc | ||
| fuzz | ||
| module | ||
| src | ||
| .envrc | ||
| .gitignore | ||
| book.toml | ||
| Cargo.lock | ||
| Cargo.toml | ||
| compat.nix | ||
| flake-module.nix | ||
| flake.lock | ||
| flake.nix | ||
| justfile | ||
| LICENSE | ||
| README.md | ||
Vaultix
Secret managing scheme for NixOS
Highly inspired by agenix-rekey and sops-nix.
- Based on age rust implementation
- Parallel encryption at host granularity
- Support secure identity with passphrase
- Support template for reusing insensitive stanza
- Support secret as template (https://github.com/milieuim/vaultix/issues/12)
- Support Yubikey PIV with age-yubikey-plugin
- Fits well with new
sysusernixos userborn machenism - Design with flake-parts and modulized flake
- Compatible and tested with common nixos deployment tools
Setup
See docs