How can you have private environment variables outside of dev.nix?

treeder · May 24, 2024, 3:02pm

Codespaces has secrets that you set that aren’t checked into git or put into a config file. Is there any way to do something like that?

kirupa · May 25, 2024, 9:48pm

Hi @treeder - one of the items we are actively looking at it is using Cloud Secret Manager for managing private values: Secret Manager | Google Cloud

If we go that route, would that work for what you are trying to do?

Cheers,
Kirupa

treeder · May 27, 2024, 1:22pm

Seems like that could work. Not sure if having it tied to a particular GCP project would be a pain or not though, would have to think that through. I’d likely end up having a lot of GCP projects that would only be used for the secret manager.

Sunny · June 15, 2024, 1:14am

Sorry for reviving a old post, but I found a workaround, hope this would help someone (or at least future me)
dev.idx

let
  secrets = import ./secrets.nix;
in
{ pkgs, ... }: {
  env = pkgs.lib.recursiveUpdate {
    # Normal environment variables here
  } secrets;
  # Your config

secrets.nix

{
    PORT=3000;
}

Sunny · June 15, 2024, 11:52am

Forgot to mention, remember to add secrets.nix onto .gitignore

Topic		Replies	Views
NixOS options in environment configuration Project Templates	3	228	June 18, 2024
Where can I find all the dev.nix files to set a new project General	2	113	August 14, 2024
Git: fatal: unable to write loose object file: No space left on device General	3	225	August 24, 2024
Numpy and Tensorflow not working General	5	225	July 15, 2024
Installing packages from github General	4	163	September 20, 2024

How can you have private environment variables outside of dev.nix?

Related Topics