Specify access token via file #6536
Comments
Rather than a separate option, we could adopt the same syntax as |
That works, if the token never starts with an ´@´. But if that's the case, I'd like the more generic solution. I guess another option would be to use |
I'd also very much like to be able to specify these as separate file references, I guess maybe something like this?
Any idea how hard this would be to implement? I'd like to be able to throw |
I guess that'd only work if the tokens can't start with an |
After thinking about this today, it would be a bad idea to add a semantic to include file content directly into the configuration file value. However, this would require more work but I think would play a lot nicer with automation and a clear syntax would be to use attribute sets, in which
|
It's possible to include other files in
{
  nix = {
    extraOptions = ''
      experimental-features = nix-command flakes
      !include ${config.sops.secrets.nixAccessTokens.path}
    '';
  };
  sops.secrets.nixAccessTokens = {
    mode = "0440";
    group = config.users.groups.keys.name;
  };
}
Notice the Also, notice that the user running the nix command needs read access to the secret file. What is not possible with |
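The `!include` arrangement in the comment above can be checked after deployment. The script below is an added example, not code from this thread or from Nix; the function names and finding labels are made up for illustration. It flags a token written inline in the audited `nix.conf`, an include target under `/nix/store`, and an include target that grants any access to "other" users.

```shell
#!/bin/sh
# Added example: audit how a nix.conf supplies access tokens.

# file_mode PATH -> octal permission bits, following symlinks
# (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"
}

# audit_nix_conf CONF -> prints one finding per line; returns 1 if any.
# Assumes include paths contain no whitespace.
audit_nix_conf() {
    conf=$1
    findings=0
    # A token written inline is stored wherever the config text is stored
    # (on a declaratively managed system, that includes the Nix store).
    if grep -Eq '^[[:space:]]*access-tokens[[:space:]]*=' "$conf"; then
        echo "INLINE_TOKEN $conf"
        findings=1
    fi
    # Check the target of every "include" / "!include" line.
    for target in $(sed -n -E \
        's/^[[:space:]]*!?include[[:space:]]+([^[:space:]]+).*$/\1/p' "$conf")
    do
        # Relative paths are resolved against the including file.
        case $target in
            /*) ;;
            *) target=$(dirname "$conf")/$target ;;
        esac
        case $target in
            /nix/store/*)
                echo "IN_STORE $target"; findings=1; continue ;;
        esac
        [ -e "$target" ] || continue   # "!include" tolerates a missing file
        mode=$(file_mode "$target")
        # A non-zero last octal digit grants access to "other" users.
        case $mode in
            *[1-7]) echo "OTHER_ACCESS $target mode=$mode"; findings=1 ;;
        esac
    done
    return "$findings"
}
```

Run it as `audit_nix_conf /etc/nix/nix.conf`; a secret file deployed with mode `0440`, as in the comment above, produces no finding.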
That's what |
👍 Right, I missed the |
New github tokens always start with
Noise, trying that out right now. |
Somewhat related, would anyone be interested in more specific URL matching for the tokens? |
Why not get access-token from other files like
|
It would also be nice to be able to set access-tokens via an environment variable. |
Technically you can already do that via
|
But we can't use it in nix.conf due to NixOS/nix#6536
Where is this |
It is not directly documented, but it is part of the https://nix.dev/manual/nix/stable/command-ref/conf-file#file-format
And then the option: |
Is your feature request related to a problem? Please describe.
I need to specify a GitHub access-token if I want to include private repositories as flake inputs. I manage my /etc/nix/nix.conf declaratively on NixOS.
Describe the solution you'd like
I would like to keep the access token in a separate file using something like agenix or sops, to not have it end up in the nix store and in version control.
An option like
acess-tokens-file = /run/secrets/access-tokens
would be nice.
Ideally I'd be able to specify different access tokens in different files, e.g.
acess-tokens-files = github.com=/run/secrets/github-acess-token gitlab.com=/run/secrets/gitlab-acess-token
Describe alternatives you've considered
~/.config/nix/nix.conf
access-tokens-files option in /etc/nix/nix.conf