Skip to content

Commit

Permalink
Add notice about password-protected ssh keys
Browse files Browse the repository at this point in the history
  • Loading branch information
ryantm committed Dec 18, 2020
1 parent d42ba69 commit 8af9714
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ All files in the Nix store are readable by any system user, so it is not a suita

## Notices

* Password-protected ssh keys: since the underlying tool age/rage do not support ssh-agent, password-protected ssh keys do not work well. For example, if you need to rekey 20 secrets you will have to enter your password 20 times.
* If you want to manage user's hashed passwords, you must use a version of NixOS with [commit e6b8587](https://github.com/NixOS/nixpkgs/commit/e6b8587b25a19528695c5c270e6ff1c209705c31), so the root-owned secrets can be decrypted before the user activation script runs. Currently only available on `unstable`.

## Installation
Expand Down

0 comments on commit 8af9714

Please sign in to comment.