use agenix to manage some secrets

I have some secrets that I want to manage for my user without having to rely on 1password, and ensure proper rotation everywhere when needed. For now we only have two secrets (one for `llm` and another one is the API key for anthropic for Emacs). Will document the process better in the near future.
author: Franck Cuny <franck@fcuny.net> 2025-06-08 20:01:34 -0700
committer: Franck Cuny <franck@fcuny.net> 2025-06-08 20:01:34 -0700
commit: f67e56485509ce87bfc8d079813261848037104d (patch)
tree: 5478931cfaa2133939154821ee7f8b75149b3d07 /nix/users/fcuny/secrets.nix
parent: install agenix again (diff)
download: infra-f67e56485509ce87bfc8d079813261848037104d.tar.gz
1 files changed, 17 insertions, 0 deletions
diff --git a/nix/users/fcuny/secrets.nix b/nix/users/fcuny/secrets.nix
new file mode 100644
index 0000000..0b6f7b6
--- /dev/null
+++ b/nix/users/fcuny/secrets.nix
@@ -0,0 +1,17 @@
+{ config, ... }:
+{
+  age = {
+    identityPaths = [ "${config.home.homeDirectory}/.ssh/nixos" ];
+    secretsDir = "${config.home.homeDirectory}/.local/share/agenix";
+
+    secrets = {
+      llm = {
+        file = ../../../secrets/users/fcuny/llm.age;
+        path = "${config.home.homeDirectory}/.config/llm/keys.json";
+      };
+      anthropic-api-key = {
+        file = ../../../secrets/users/fcuny/anthropic-api-key.age;
+      };
+    };
+  };
+}
author	Franck Cuny <franck@fcuny.net>	2025-06-08 20:01:34 -0700
committer	Franck Cuny <franck@fcuny.net>	2025-06-08 20:01:34 -0700
commit	f67e56485509ce87bfc8d079813261848037104d (patch)
tree	5478931cfaa2133939154821ee7f8b75149b3d07 /nix/users/fcuny/secrets.nix
parent	install agenix again (diff)
download	infra-f67e56485509ce87bfc8d079813261848037104d.tar.gz