secrets

We manage secrets in our repo using agenix. These secrets are keyed to specific developers via SSH public keys. Some are used for deployments, and some can be used for development.

You can read more about agenix and how secrets are used in our deployment here: https://garnix.io/docs/hosting/secrets

what secrets do we store?

# this file contains secrets that we can store encrypted in this repo.
# they can be decrypted by the specified ssh public keys using `agenix`.
let
  keys = import ./nix/keys.nix;
in
{
  # http basic auth for our test deployments
  "secrets/docs-http-basic.age".publicKeys = keys.allKeys;

  # RPC urls for our devnet indexer
  "secrets/devnet/backend.age".publicKeys = keys.allKeys;

  # RPC urls for our mainnet indexer
  "secrets/backend-mainnet.age".publicKeys = keys.allKeys;

  # a shared devnet wallet
  "secrets/devnet/keypair/wallet.age".publicKeys = keys.allDevKeys;
}
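A consistency check for the rules file above, as an added example that is not part of this repo: it compares the `.age` paths declared in secrets.nix with the files actually present under secrets/, because agenix looks up each file's recipients in secrets.nix. It assumes secrets.nix sits at the repo root and that every entry is written on one line as in the listing; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: detect drift between secrets.nix entries and .age files on disk.
# Assumption: entries look like  "secrets/x.age".publicKeys = ...;  on a single line.

# Print the secret paths declared in a secrets.nix-style file, sorted.
declared_secrets() {
  sed -n 's/^[[:space:]]*"\([^"]*\.age\)"\.publicKeys.*/\1/p' "$1" | sort
}

# Print the .age files under REPO_ROOT/secrets, relative to REPO_ROOT, sorted.
present_secrets() {
  (cd "$1" && find secrets -type f -name '*.age' | sort)
}

# audit_secrets REPO_ROOT
# Prints one line per mismatch and returns 1 if any mismatch was found.
audit_secrets() {
  root=$1
  rc=0
  decl=$(declared_secrets "$root/secrets.nix")
  pres=$(present_secrets "$root")

  # Encrypted files with no publicKeys entry: nobody is a declared recipient.
  while IFS= read -r f; do
    [ -n "$f" ] || continue
    if ! printf '%s\n' "$decl" | grep -qxF "$f"; then
      echo "no recipients declared: $f"
      rc=1
    fi
  done <<EOF
$pres
EOF

  # Entries in secrets.nix whose encrypted file is missing from the repo.
  while IFS= read -r f; do
    [ -n "$f" ] || continue
    if [ ! -f "$root/$f" ]; then
      echo "declared but missing: $f"
      rc=1
    fi
  done <<EOF
$decl
EOF
  return $rc
}
```

Run `audit_secrets .` from the repo root, for example in CI, and fail the job on a non-zero return.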

editing a secret

To modify an existing secret, your public key must be listed for that secret in secrets.nix.

If it is not, ask someone whose key is already listed in secrets.nix to add yours.

To edit a secret, for example docs-http-basic.age, run

$ agenix -e secrets/docs-http-basic.age