add sops-yubikey support #516

Closed
wants to merge 2 commits into from
Mic92
Owner

@Mic92 Mic92 commented Mar 18, 2024

No description provided.

@Mic92 Mic92 force-pushed the yubikey-support branch from 0ffb560 to b9d74d0 Compare March 18, 2024 15:05
@Mic92 Mic92 force-pushed the yubikey-support branch 3 times, most recently from 1bcbb46 to 8be18e9 Compare March 22, 2024 13:40
Update pkgs/sops-yubikey/default.nix

Co-authored-by: Sandro <[email protected]>
@Mic92 Mic92 force-pushed the yubikey-support branch from e9a7520 to 913b138 Compare March 22, 2024 14:36
@NovaViper

@Mic92 Hey, would it be possible to add this into the Home-Manager module as well? I just got it to work with the NixOS module perfectly, only to realize there is no such support made for the Home-Manager module. I get this error when trying to run it with Home-Manager:

Jun 11 16:39:19 ryzennova cxjq971my8x38hkzvc79fi35s200xngs-sops-nix-user[1018837]: [AGE]         time="2024-06-11T16:39:19-05:00" level=warning msg="could not read value for age-plugin-yubikey: standard input is not a terminal, and /dev/tty is not available: open /dev/tty: no such device or address"
Jun 11 16:39:19 ryzennova cxjq971my8x38hkzvc79fi35s200xngs-sops-nix-user[1018837]: /nix/store/53d071k93bf74clq4bsj71xg57cys0dq-sops-install-secrets-0.0.1/bin/sops-install-secrets: Failed to decrypt '/nix/store/2pz3j4hym109mljaifnyb9qzv9zzr2br-srv_dev_disk_by_uuid_5aaed6a3_d2c7_4623_b121_5ebb8d37d930_Backups': Error getting data key: 0 successful groups required, got 0
Jun 11 16:39:19 ryzennova systemd[3431]: sops-nix.service: Main process exited, code=exited, status=1/FAILURE

And this is my config for sops on Home-Manager

{
  config,
  inputs,
  ...
}: {
  imports = [inputs.sops-nix.homeManagerModules.sops];

  sops = {
    age = {
      #plugins = with pkgs; [age-plugin-yubikey];
      sshKeyPaths = [];
      keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
    };
    gnupg = {
      #home = "${config.home.homeDirectory}/.gnupg";
      sshKeyPaths = [];
    };
  };
}

@OliverGeneser

What is the status on this PR? Is any help required?

@Mic92
Owner Author

Mic92 commented Oct 12, 2024

@OliverGeneser you can help if you want. Rather than my pull request, this should then use FiloSottile/age#591 and getsops/sops#1641.
And instead of the yubikey plugin I would now actually prefer https://github.com/olastor/age-plugin-fido2-hmac because it not only works with yubikeys but all sorts of fido2 tokens (less vendor lock-in).

@brianmcgee

Rather than my pull request, this should then use FiloSottile/age#591 and getsops/sops#1641

I've done that here #680

I recently updated it with getsops/sops#1641 (comment)

@Mic92
Owner Author

Mic92 commented Nov 24, 2024

superseded by #680

@Mic92 Mic92 closed this Nov 24, 2024
@Mic92 Mic92 deleted the yubikey-support branch November 24, 2024 15:56