From f67e56485509ce87bfc8d079813261848037104d Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Sun, 8 Jun 2025 20:01:34 -0700
Subject: use agenix to manage some secrets

I have some secrets that I want to manage for my user without having
to rely on 1password, and ensure proper rotation everywhere when
needed.

For now we only have two secrets (one for `llm` and another one is the
API key for anthropic for Emacs).

Will document the process better in the near future.
---
 docs/secrets.org | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 docs/secrets.org

(limited to 'docs')

diff --git a/docs/secrets.org b/docs/secrets.org
new file mode 100644
index 0000000..04452dc
--- /dev/null
+++ b/docs/secrets.org
@@ -0,0 +1,15 @@
+* Secrets
+
+** SSH keys
+
+Get the ssh key from 1password with the following command:
+#+begin_src sh
+  op read "op://Private/nixos/private key?ssh-format=openssh" > ~/.ssh/nixos
+  op read "op://Private/nixos/public key?ssh-format=openssh" > ~/.ssh/nixos.pub
+#+end_src
+
+To create or edit a secret:
+#+begin_src
+  cd (git rev-parse --show-toplevel)/secrets
+  agenix -i ~/.ssh/nixos -e users/fcuny/llm.age
+#+end_src
-- 
cgit v1.2.3