Creating Secrets
agenix relies on your SSH public key, so you must have a completed user entry in users.nix.
Once that is done, define the secret in secrets.nix. For example, to add a secret named secret1 on prod-02, add this line:
"secrets/prod-02/secret1.age".publicKeys = admins ++ [ prod-02 ];
If the host directory does not exist, create it before continuing:
mkdir -p secrets/prod-02
Then, from the root of the repository (/etc/nixos), create the secret file:
agenix -e secrets/prod-02/secret1.age
This command will prompt you to enter the secret value. After entering the value, it will be encrypted and saved to the specified file, which should immediately be committed to source control.
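Because the file goes straight into source control, it is worth checking before the commit that every file under secrets/ really is age ciphertext and has a matching rule in secrets.nix. The script below is an added example, not part of this repository or of agenix; the function names are hypothetical, and it assumes the layout shown above (secrets.nix at the repository root, files under secrets/<host>/<name>.age).

```shell
#!/bin/sh
# Added example: pre-commit style check for agenix secrets.
# Assumed layout (from this page): secrets.nix at the repo root,
# encrypted files under secrets/<host>/<name>.age.

# is_age_file FILE: succeeds if FILE starts with an age header,
# either the binary format or the ASCII-armored format.
is_age_file() {
    first_line=$(head -n 1 "$1" 2>/dev/null | tr -d '\000\r')
    case "$first_line" in
        "age-encryption.org/v1") return 0 ;;
        "-----BEGIN AGE ENCRYPTED FILE-----") return 0 ;;
        *) return 1 ;;
    esac
}

# list_problems REPO_ROOT: prints one line per problem found.
#  - a .age file that is not age ciphertext (plaintext saved by mistake)
#  - a .age file with no "<path>".publicKeys rule in secrets.nix
list_problems() {
    root=$1
    ( cd "$root" && find secrets -type f -name '*.age' 2>/dev/null | sort ) |
    while IFS= read -r f; do
        is_age_file "$root/$f" || echo "NOT ENCRYPTED: $f"
        grep -qF "\"$f\".publicKeys" "$root/secrets.nix" 2>/dev/null ||
            echo "NO RULE IN secrets.nix: $f"
    done
}

# check_secrets REPO_ROOT: returns 0 when nothing was reported,
# otherwise prints the problems to stderr and returns 1.
check_secrets() {
    out=$(list_problems "$1")
    [ -z "$out" ] && return 0
    printf '%s\n' "$out" >&2
    return 1
}
```

Source the script and call check_secrets /etc/nixos from a pre-commit hook; a non-zero status should block the commit.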