I did an experiment combining sops-nix and LoadCredential. See details at the top of https://github.com/haskellfoundation/hf-infrastructure/blob/b2f63b4d6d1e3a532761c242283e3ed8aec11998/stackage-builder/nixos-modules/stackage-server.nix .
In those details, I highlight a shortcoming of the current approach. Now I think I could do a little better:
I did an experiment combining sops-nix and LoadCredential. See details at the top of https://github.com/haskellfoundation/hf-infrastructure/blob/b2f63b4d6d1e3a532761c242283e3ed8aec11998/stackage-builder/nixos-modules/stackage-server.nix .
In those details, I highlight a shortcoming of the current approach. Now I think I could do a little better:
builitns.dirOfto get the directory where secrets are held