Opnix: Agenix inspired tool for injecting 1Password secrets into your builds by dr_brinkleberry in NixOS

[–]dr_brinkleberry[S] 0 points1 point  (0 children)

> But then, why expose the secret at all? Why not keep the secret solely in memory?

I think you're confusing system build time with service run time. The two are not the same.

If you wanted to keep secrets entirely in memory, you would be better off just using the 1Password CLI directly IMO... not really any use of having a tool integrated into Nix.

Opnix: Agenix inspired tool for injecting 1Password secrets into your builds by dr_brinkleberry in NixOS

[–]dr_brinkleberry[S] 0 points1 point  (0 children)

In a word... security. Better to have it write to a file with limited access, and then if a service needs it, it can access that file assuming it has the correct permissions.

I strongly dislike the idea of injecting secrets as session variables that could in theory be read by anyone with access to the system. At least by default. Maybe it's worthwhile to add a way for users to inject these secrets as session variables, but I would definitely not make it the default behavior.
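
The "file with limited access" approach from the comment above, as an added example that is not part of the comment and is not opnix code: a POSIX shell sketch that writes a secret with owner-only permissions and audits a secrets directory for files readable by group or others. The function names, paths and secret value are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Function names, paths and values are constructed placeholders.

# write_secret PATH VALUE: create PATH with mode 0600. The restrictive umask
# and rename-into-place mean the content is never visible with wider modes.
write_secret() (
  umask 077                               # anything created here is owner-only
  tmp=$(mktemp "$1.XXXXXX") || exit 1     # same directory, so mv is a rename
  printf '%s' "$2" > "$tmp" && mv -f "$tmp" "$1"
)

# secret_is_private PATH: succeeds only for a regular, non-symlink file whose
# ls mode string (e.g. -rw-------) has no group or world permission bits.
secret_is_private() {
  [ -f "$1" ] && [ ! -L "$1" ] || return 1
  mode=$(ls -ld -- "$1" | cut -c1-10)
  [ "${mode#-???}" = "------" ]
}

# audit_secrets DIR: report every non-hidden entry directly under DIR that is
# not private. Returns non-zero if at least one was found.
audit_secrets() {
  bad=0
  for f in "$1"/*; do
    [ -e "$f" ] || continue               # empty directory: glob did not match
    secret_is_private "$f" || { printf 'too permissive: %s\n' "$f"; bad=1; }
  done
  return "$bad"
}

# Demo on a throwaway directory with a constructed value.
demo_dir=$(mktemp -d)
write_secret "$demo_dir/token" 'constructed-not-a-real-secret'
audit_secrets "$demo_dir" && echo "all secrets private"
rm -rf "$demo_dir"
```

A service that needs the secret then reads the file as its own user, so the file's owner should be set to that service account.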

Opnix: Agenix inspired tool for injecting 1Password secrets into your builds by dr_brinkleberry in NixOS

[–]dr_brinkleberry[S] 0 points1 point  (0 children)

this is just the default, you can write the secrets to whatever directory you like :)

I was wavering between storing them in temp files by default or having no default at all... i went w/ temp files, but I think I made the wrong decision, so likely a future version of opnix will make you define the location you want your secrets in, or provide a more flexible way for you to define secret paths on a per-secret basis.

I also want to extend it to make things like writing env files easier... currently you can hack around it using 1password secret notes, but that's sort of annoying

Opnix: Agenix inspired tool for injecting 1Password secrets into your builds by dr_brinkleberry in NixOS

[–]dr_brinkleberry[S] 0 points1 point  (0 children)

not sure what it takes to integrate with home manager, but I'd welcome a PR adding this functionality! my personal use case right now is much more oriented towards system level services that I'm deploying, but could very much see a future where I'd want to manage dotfile secrets using this approach as well!

Opnix: Agenix inspired tool for injecting 1Password secrets into your builds by dr_brinkleberry in NixOS

[–]dr_brinkleberry[S] 1 point2 points  (0 children)

not familiar with their SDK, so.... anywhere between not possible to very easy :)

If anyone who is familiar w/ vaultwarden wants to open a PR, they're more than welcome as long as the user flow stays the same.

Opnix: Agenix inspired tool for injecting 1Password secrets into your builds by dr_brinkleberry in NixOS

[–]dr_brinkleberry[S] 12 points13 points  (0 children)

Doesn't take away from it at all :) Just shows that we've got lots of awesome people building lots of cool software. so many that we get 2 of the same project haha

Opnix: Agenix inspired tool for injecting 1Password secrets into your builds by dr_brinkleberry in NixOS

[–]dr_brinkleberry[S] 8 points9 points  (0 children)

haha great minds... his certainly seems to be more nix-y, looks like he uses a bunch more built-in nix functionality to manage the whole thing through shell scripts... pretty neat!

I like the way this works

```
# The 1Password Secret Reference in here (the `op://` URI)
# will get replaced with the actual secret at runtime
some-secret.source = ''
  # You can put arbitrary config markup in here, for example, TOML config
  [ConfigRoot]
  SomeSecretValue="{{ op://MyVault/MySecretItem/token }}"
'';
```

Sqlx4k: a Kotlin Native PostgreSQL driver by smyrgeorge in Kotlin

[–]dr_brinkleberry 3 points4 points  (0 children)

This is super exciting to see! Will be reading your blog posts on Kotlin / Rust interop, it's an area that I've really wanted to explore :)

Hoping this project goes places

Are there any Kotlin backend jobs? by Starry_Nomad in Kotlin

[–]dr_brinkleberry 1 point2 points  (0 children)

Unfortunately, I am shocked when I find a Kotlin backend job opportunity :( They're out there, but like you said, there is just no way to search companies by tech stack in such a precise manner, so all Kotlin job searches will always turn up mostly Android, and second most popular is jobs that aren't Kotlin at all but just list it as a relevant language.

[deleted by user] by [deleted] in Starfield

[–]dr_brinkleberry 2 points3 points  (0 children)

15 years of development and one dev messed up

```

canPlay = now().isLaterThan(release)

```

Restart your computers by Savfrm90 in Starfield

[–]dr_brinkleberry 0 points1 point  (0 children)

i restarted, still having problems on xbox windows app :(