quentinmit/sops-nix — explained in plain English
Analysis updated 2026-07-18 · repo last pushed 2024-02-21
Store database passwords and API keys encrypted alongside your NixOS configuration in Git.
Automatically decrypt secrets into the right place with correct permissions during NixOS deployment.
Roll back to a previous deployment and have the matching old secrets restored atomically.
Manage personal dotfile secrets with Home-manager without leaking them in version control.
| quentinmit/sops-nix | 0verflowme/alarm-clock | 0verflowme/seclists | |
|---|---|---|---|
| Language | — | CSS | — |
| Last pushed | 2024-02-21 | 2022-10-03 | 2020-05-03 |
| Maintenance | Dormant | Dormant | Dormant |
| Setup difficulty | moderate | easy | easy |
| Complexity | 4/5 | 2/5 | 1/5 |
| Audience | ops devops | vibe coder | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Requires generating and managing GPG or age encryption keys before secrets can be encrypted and deployed.
A NixOS tool that lets you store encrypted secrets like passwords and API keys in Git, then auto-decrypts them safely at deploy time.
Dormant — no commits in 2+ years (last push 2024-02-21).
Setup difficulty is rated moderate, with roughly 1h+ to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.