harivansh-afk/nix
1
1
Fork 0
mirror of https://github.com/harivansh-afk/nix.git synced 2026-04-15 05:02:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

secrets

Browse source
This commit is contained in:
Harivansh Rathi 2026-03-14 15:54:30 -04:00
parent 25296e3504
commit ba0f284dba
3 changed files with 87 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
README.md
View file

@ -47,6 +47,10 @@ Bitwarden note:
- `bw` is installed via Homebrew as `bitwarden-cli`
- `bws` is not currently managed in this repo because I did not find a
supported nixpkgs or Homebrew package for it on macOS during verification
- daily shell secrets are synced from Bitwarden into `~/.config/secrets/shell.zsh`
via `just secrets-sync`
- vault items are currently the source of truth for imported machine secrets and
SSH material
## Commands
@ -94,7 +98,8 @@ just secrets-sync
## What Still Needs Manual Handling
- Secrets and tokens under `~/.secrets`, `~/.npmrc`, `~/.config/gcloud`, `~/.config/gh`, and similar paths
- Promoting vault-backed secrets into Bitwarden Secrets Manager machine-account
flows, if you want fully non-interactive sandbox secret injection later
- App state under `~/Library/Application Support`
- Anything that depends on local credentials, keychains, or encrypted stores
- Manual cleanup of old non-Nix installs that are no longer wanted