How can you have private environment variables outside of dev.nix?

treeder · May 24, 2024, 3:02pm

Codespaces has secrets that you set that aren’t checked into git or put into a config file. Is there any way to do something like that?

kirupa · May 25, 2024, 9:48pm

Hi @treeder - one of the items we are actively looking at it is using Cloud Secret Manager for managing private values: Secret Manager | Google Cloud

If we go that route, would that work for what you are trying to do?

Cheers,
Kirupa

treeder · May 27, 2024, 1:22pm

Seems like that could work. Not sure if having it tied to a particular GCP project would be a pain or not though, would have to think that through. I’d likely end up having a lot of GCP projects that would only be used for the secret manager.

Sunny · June 15, 2024, 1:14am

Sorry for reviving a old post, but I found a workaround, hope this would help someone (or at least future me)
dev.idx

let
  secrets = import ./secrets.nix;
in
{ pkgs, ... }: {
  env = pkgs.lib.recursiveUpdate {
    # Normal environment variables here
  } secrets;
  # Your config

secrets.nix

{
    PORT=3000;
}

Sunny · June 15, 2024, 11:52am

Forgot to mention, remember to add secrets.nix onto .gitignore

Topic		Replies	Views
Secrets in env files Project Templates	1	138	October 9, 2024
Environment Variables General	1	138	June 17, 2024
NixOS options in environment configuration Project Templates	3	282	June 18, 2024
Nix global configuration General	1	263	May 17, 2024
Understanding the Relationship Between dev.nix and Project IDX Workspace General	1	178	August 19, 2024

How can you have private environment variables outside of dev.nix?

Related Topics