How can you have private environment variables outside of dev.nix?

Codespaces has secrets that you set that aren’t checked into git or put into a config file. Is there any way to do something like that?

Hi @treeder - one of the items we are actively looking at is using Cloud Secret Manager for managing private values: Secret Manager | Google Cloud

If we go that route, would that work for what you are trying to do?

Cheers,
Kirupa

Seems like that could work. Not sure if having it tied to a particular GCP project would be a pain or not though, would have to think that through. I’d likely end up having a lot of GCP projects that would only be used for the secret manager.

Sorry for reviving an old post, but I found a workaround; hope this helps someone (or at least future me).
dev.idx

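```nix
let
  # Values come from the untracked secrets.nix file next to this one
  secrets = import ./secrets.nix;
in
{ pkgs, ... }: {
  # Merge the secret values over the regular environment variables
  env = pkgs.lib.recursiveUpdate {
    # Normal environment variables here
  } secrets;
  # Your config
}
```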

secrets.nix

```nix
{
  PORT = 3000;
}
```
1 Like

Forgot to mention, remember to add secrets.nix to .gitignore.

1 Like
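The `.gitignore` reminder above can be checked mechanically. The following is an added example, not code from the thread or from IDX: a shell function (the name `check_secret_file` and its return codes are assumptions made for this example) that confirms a secrets file is untracked, matched by an ignore rule, and absent from earlier commits.

```shell
#!/bin/sh
# Added example: verify that a local secrets file cannot leak through git.
# check_secret_file PATH
#   0 = safe (untracked, ignored, never committed)
#   1 = tracked or not ignored
#   2 = not inside a git work tree
#   3 = ignored now, but present in earlier commits
check_secret_file() {
  f=${1:-secrets.nix}

  git rev-parse --is-inside-work-tree >/dev/null 2>&1 || {
    echo "not a git repository" >&2
    return 2
  }

  # .gitignore has no effect on files that are already in the index.
  if git ls-files --error-unmatch -- "$f" >/dev/null 2>&1; then
    echo "$f is tracked; untrack it with: git rm --cached $f" >&2
    return 1
  fi

  # The path must match an ignore rule (.gitignore, info/exclude, ...).
  if ! git check-ignore -q -- "$f"; then
    echo "$f is not ignored; add it to .gitignore" >&2
    return 1
  fi

  # A file committed earlier stays readable in history after it is ignored.
  if [ -n "$(git log --all --format=%H -- "$f" 2>/dev/null | head -n 1)" ]; then
    echo "$f appears in earlier commits; rotate the values it held" >&2
    return 3
  fi

  return 0
}
```

Called from a pre-commit hook or a CI step with the path to the secrets file, a non-zero result blocks the commit before the values reach a remote.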