A tool to manage credentials and other secrets as mutable state within a NixOS environment, consisting of a Rust executable, NixOS configuration, and associated documentation. Published as part of the Small Tech Kit, ISL's public resource for small organizations that want to host their own infrastructure, but usable independently. http://code.internetsafetylabs.org/nix-secret-manager/atom?h=main 2026-03-03T23:30:17+00:00 2026-03-03T23:30:17+00:00 Irene Knapp ireneista@internetsafetylabs.org 2026-03-03T23:30:17+00:00 urn:sha1:924a41074a56d76e197ecb0c74cfe3d6904c9fb5 Force-Push: initial development Change-Id: I2966407941866c422a0702776cadeb2b8263621e 2025-12-19T01:58:33+00:00 Irene Knapp ireneista@internetsafetylabs.org 2025-12-19T01:53:47+00:00 urn:sha1:911c00714295c13c7e9ec29941b9bbcc87705776 this produces a list of secrets, although it doesn't yet do any of the checking to see if the files actually exist, when they were modified, etc. it just prints the parsed data structure. this was kind of a pain to test, I had to make a fake machine config with some secrets and point it to it. we should figure out a way to use Rust's test framework to do that automatically, but that can be in a future CL, and I don't necessarily have to be the one to write it. Change-Id: I4c7d579d61e8f3694fe879998dae0f95baaeea05 2025-12-18T21:37:52+00:00 Irene Knapp ireneista@internetsafetylabs.org 2025-12-17T23:16:20+00:00 urn:sha1:d15feffcdb262f5e4686297e156319591895a945 Change-Id: I5e1570940fedf52bb560fd824270e201757004ed 2025-11-26T22:47:27+00:00 Irene Knapp ireneista@internetsafetylabs.org 2025-10-10T07:55:51+00:00 urn:sha1:01b7b60dc260aa7cf1dab6c15db13a88d5d92ada Change-Id: Ifec5dbbe20b2c625d448eba436620622af6c5120 2025-09-10T03:40:09+00:00 Irene Knapp ireneista@internetsafetylabs.org 2025-09-10T03:40:09+00:00 urn:sha1:a0061153aca2bb13b167efd6263a6fa83150e160 hopefully this will make the diffs more readable; otherwise the entire JSON file is a single huge line... depending on Perl feels heavyweight but keep in mind that Perl is already a mandatory part of any Linux system I'm familiar with, and it has a very nice JSON pretty-printer Change-Id: I817b4f6b63152673b31aeb32a3255d4c1b83942e 2025-09-10T03:26:57+00:00 Irene Knapp ireneista@internetsafetylabs.org 2025-09-10T03:19:12+00:00 urn:sha1:b7887228c4866b16b3d5cf7d923739ed9d7ea104 I've never done this before and am really proud of the code; I hope the comments help but feel free to ask questions. As you can see by looking at the diffs to `options.nix`, it did catch several issues that had gotten through up to this point. I'm pretty pleased with that. As before, `nix flake check` is all you need to do to run it. Change-Id: I99a550e92d7b4770e52b6aba763cff2bdc4c9287 2025-09-09T23:31:35+00:00 Irene Knapp ireneista@internetsafetylabs.org 2025-09-09T23:31:35+00:00 urn:sha1:cd82f4a96839ad4b7907e0355a87ded23b5fe584 this also adds the beginnings of a test harness; the test harness will become useful in a future CL, but for now `nix flake check` should continue to do what we want it to, and maybe slightly more Change-Id: I7f05bcb5588f2b52d79cf05cf22263f084e8be49 2025-09-02T17:16:00+00:00 Robert Orr robert@coffeezombie.com 2025-08-25T20:37:33+00:00 urn:sha1:2d2f73a9257035398e90d32dcfb7db74313d8fe6 Change-Id: I314d0350b03fedebeedc7eddedf409a286719486 2025-08-14T21:16:56+00:00 Irene Knapp ireneista@internetsafetylabs.org 2025-08-14T21:16:56+00:00 urn:sha1:89e48b600b01b21c2fae9c6414ddf66e0c38d7a6 I also took the liberty of adding some Rust libraries that I know will be useful Change-Id: Id5d98d86cdce653f6706903b75e285c72f2ba4b4 2025-08-14T20:26:23+00:00 Irenes ireneista@internetsafetylabs.org 2025-08-14T20:26:23+00:00 urn:sha1:20243027e12efb2563d628868f962867dee160dd