populate: add passage source typeHEAD 1.29.0 master

author: tv <tv@krebsco.de> 2024-01-11 04:37:02 +0100
committer: tv <tv@krebsco.de> 2024-01-11 11:23:11 +0100
commit: a6c7ecd8ba90c1eb2515cb235d85649295848e68 (patch)
tree: 6759fc1f2479ff6b250741dd9e2798db285ff4e3 /README.md
parent: cbc475bdf46c115ac0f28008a531164567a12f87 (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/README.md b/README.md
index a10b836..d8268e5 100644
--- a/README.md
+++ b/README.md
@@ -6,6 +6,7 @@ krops is a lightweight toolkit to deploy NixOS systems, remotely or locally.
 ## Some Features
 
 - store your secrets in [password store](https://www.passwordstore.org/)
+                     or [passage](https://github.com/FiloSottile/passage)
 - build your systems remotely
 - minimal overhead (it's basically just `nixos-rebuild switch`!)
 - run from custom nixpkgs branch/checkout/fork
@@ -298,6 +299,29 @@ Supported attributes:
   sub-directory in the password store.
 
 
+### `passage`
+
+The passage source type decrypts files from a local
+[passage store](https://github.com/FiloSottile/passage)
+and transfers them to the target using
+[`rsync`](https://rsync.samba.org/).
+
+Supported attributes:
+
+* `dir` -
+  Path to the passage store.
+  For a partial transfer, this may point to a subdirectory.
+  Example: `~/.passage/store/hosts/MYHOSTNAME`
+
+* `identities_file` (optional) -
+  Path to the identities file.
+  Defaults to `~/.passage/identities`.
+
+* `age` (optional) -
+  Path of the age binary.
+  Defaults to `age` (absolute path gets resolved using `passage`'s search path.)
+
+
 ### `pipe`
 
 Executes a local command, capture its stdout, and send that as a file to the
author	tv <tv@krebsco.de>	2024-01-11 04:37:02 +0100
committer	tv <tv@krebsco.de>	2024-01-11 11:23:11 +0100
commit	a6c7ecd8ba90c1eb2515cb235d85649295848e68 (patch)
tree	6759fc1f2479ff6b250741dd9e2798db285ff4e3 /README.md
parent	cbc475bdf46c115ac0f28008a531164567a12f87 (diff)