Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Separate secrets and configuration #6

Open
cab404 opened this issue Feb 13, 2022 · 2 comments
Open

Separate secrets and configuration #6

cab404 opened this issue Feb 13, 2022 · 2 comments
Assignees
@cab404
Labels
question Further information is requested

Comments

@cab404
Copy link
Owner

cab404 commented Feb 13, 2022

Separate secrets and configuration

Currently
both private keys and configuration reside in a single wg-bond.json
file. You can't version control it, because it contains all the private
keys, but sometimes it's necessary (e.g for saving them alongside nixops
configs).

Not yet sure how to do this one though. Keeping two config files is cumbersome (maybe use config directory? (you can generate .gitignore automatically there)).

orig: https://gitlab.com/cab404/wg-bond/-/issues/30
@cab404 cab404 added the question Further information is requested label Mar 13, 2022
@cab404
Copy link
Owner Author

cab404 commented May 10, 2022

I guess this can be almost deemed complete, as wg-bond secret is already in master, and nix export supports providing directory for secrets.

  • Add a way to specify secrets location (in config/peer config)

@cab404 cab404 self-assigned this May 10, 2022
@cab404
Copy link
Owner Author

cab404 commented Jul 25, 2022

Now there's #19, we can think of evicting all of the secret material out of the config, and using a single derivation seed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cab404 cab404

Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cab404