cross-posted from: https://lemmy.world/post/8269080

Someone on another website asked me whether it makes sense to use agenix or sops-nix to encrypt secrets for NixOS configurations.

I realized that I hadn't seen a good overview article of the different approaches to secret handling in NixOS and when each one is appropriate to use, so I put down all of my knowledge and opinions in this post 🤞