support encrypting plain passwords for hashedPasswordFiles #492
Comments
|
Any idea why it's deprecated? |
|
Is this about NixOS/nixpkgs@5666a37? If so, I believe passwordFile has always been expected to contain a hashed password, hence it was a good idea to rename the option. |
|
Interesting I wasn't aware of that |
Personally, since I use root passwords sparingly (I use my user account for sudo), I generate a device unique password and add it as a comment in the sops file, which gets encrypted along with the hashed password. |
|
I migrated towards a pattern of storring the hashed passwords alongside the unhashed ones in my sops configuration I'd still appreciate a utility to deliver a password as hashed password file without having to store both |
with nix starting to warn about passwordFile being deprecated and the migration to hashedPasswordFile
i'd still like to use plain passwords in my sops files (in order to avoid the need for secondary password managers or sync)
would it be fesible to make the decryption of password files appy mkpasswd as a filter?
The text was updated successfully, but these errors were encountered: