2018-07-11

<{^_^}> [nixpkgs] @bricewge opened pull request #43355 → vault: 0.9.5 -> 0.10.3 → https://git.io/fNk1d

2018-06-11

<johanot> ixxie: https://github.com/kelseyhightower/kubernetes-the-hard-way .. Have a look a this, if you haven't already. I think the biggest problem of setting up kubernetes, is handling PKI in a sane and secure manner. You don't want your secrets ending up in the store. And therefore you need something like a custom vault pki or cfssl setup, with proper key rotation setup.

2018-05-23

<srhb> But then again, vault will be sealed after a reboot anyway.
<srhb> edude03: Nix will import the file to the store, and pass that store path to vault.
<edude03> I'm using the cert for vault

2018-04-18

<LnL> there''s a web interface in the vault and they have a cli tool

2018-04-02

<infinisil> taohansen: Maybe, depends on whether this vault can be made to work in the nix sandbox
<taohansen> I'm having difficulty reading variables from Vault into environment variables. The strings I write resolve to secrets in a bash prompt but when written into my .nix spec are read and output as the command itself and not the secret I desire

2018-03-25

<{^_^}> [nixpkgs] @LnL7 pushed commit from @NeQuissimus to release-18.03 « vault: Fix test »: https://git.io/vxRZ0

2018-03-23

<LnL> taohansen: I use vault with and without nixos
<coconnor> taohansen: there is a vault nixos module. Have you look at that?
<taohansen> Does anyone use Vault for secrets storage?

2018-03-18

<{^_^}> [nixpkgs] @obadz merged pull request #36458 → Vault: 0.9.4 -> 0.9.5, fix test → https://git.io/vANcz
<{^_^}> [nixpkgs] @obadz pushed commit from @NeQuissimus to master « vault: Fix test »: https://git.io/vx30a

2018-03-17

<hyper_ch> tilpner: well, diceware is nice for unlocking your password vault or root encrypted computer

2018-03-07

<NixOS_GitHub> [nixpkgs] NeQuissimus opened pull request #36458: Vault: 0.9.4 -> 0.9.5, fix test (master...zfh_vault) https://git.io/vANcz

2018-02-05

<dhess> and then some kind of pluggable secret back-end, so you can use NixOps, or Vault, or AWS KMS, etc.

2018-01-25

<steveeJ> maurer: thanks, that's my understanding too. something like ansible-vault for nix would be a good start for managing secrets, but I know that there's an RFC for this topic

2018-01-16

<NixOS_GitHub> nixpkgs/master f8630c9 Bastian Köcher: plasma-vault: Fixes build
<NixOS_GitHub> [nixpkgs] bkchr opened pull request #33935: plasma-vault: Fixes build (master...fix_plasma_vault) https://git.io/vNlKL

2018-01-11

<NixOS_GitHub> nixpkgs/master 8c1e47a adisbladis: aws-vault: Fix eval
<NixOS_GitHub> nixpkgs/master b5b6656 zimbatm: aws-vault: init at 4.1.0

2018-01-05

<srhb> dhess: Hmm, now I'm wondering how to integrate it. Obviously you'd want to produce some templates with all the safe stuff in the nix store, and then in the systemd unit render it with vault or something.
<dhess> I have seen good things said about Vault by OPSEC-ish people, at least. Well, compared to the alternatives, anyway.
<srhb> dhess: I don't have experience with Vault firsthand.
<dhess> so Consul is bad but Vault is OK?
<gchristensen> Vault, yeah
<dhess> gchristensen: have you ever worked with KMS or Vault?
<dhess> going through /run/keys would be the first pass anyway, so that it would be compatible with existing deployments and you could just plug in the secrets "vault"
<dhess> infinisil: we already get that with NixOps of course. No, I mean where at the very least /run/keys is populated from Vault or KMS, and not from a NixOps deploy where NixOps is reading the secrets from a file(s)

2017-12-04

<NixOS_GitHub> nixpkgs/master f019707 adisbladis: vault: 0.8.3 -> 0.9.0

2017-11-30

<dhess_> Anyone doing any work with Vault or AWS Parameter Store to get a better story for secrets management with NixOS/NixOps?

2017-11-23

<bhipple[m]> Do you happen to know if there's a stable URL for Centos 7.4? I have a working NixPkg for Centos 7.4 too, but since it's on http://mirror.centos.org and not the vault the URL will disappear as soon as the next revision comes out

2017-11-06

<clever> nothing with vault yet
<dhess> clever: you've always got some cool new Nix stuff cooking here and there. I don't suppose you've done anything with NixOS/NixOps and Vault, have you? For distributing secrets?

2017-10-21

<NixOS_GitHub> [nixpkgs] LnL7 closed pull request #30664: vault: 0.8.1 -> 0.8.3 (master...pkg-vault-update) https://git.io/vdNGt
<NixOS_GitHub> [nixpkgs] jmitchell opened pull request #30664: vault: 0.8.1 -> 0.8.3 (master...pkg-vault-update) https://git.io/vdNGt

2017-10-19

<NixOS_GitHub> nixpkgs/master f8368f6 adisbladis: plasma5.plasma-vault: init at 5.11.1

2017-10-08

<srhb> Nix Vault 2017, make it so! :-)

2017-08-29

<3NAABFMUS> nixpkgs/master f86cac2 rushmorem: vault: 0.7.3 -> 0.8.1
<94KABB39S> [nixpkgs] rushmorem closed pull request #28692: vault: 0.7.3 -> 0.8.1 (master...vault) https://git.io/v5n77
<NixOS_GitHub> [nixpkgs] rushmorem opened pull request #28692: vault: 0.7.3 -> 0.8.1 (master...vault) https://git.io/v5n77

2017-07-11

<NixOS_GitHub> nixpkgs/master 4c428b4 Volth: vault: run as an unpivileged user
<NixOS_GitHub> nixpkgs/master 442f76d Katyucha: Vault: 0.6.5 -> 0.7.2 with services

2017-06-29

<NixOS_GitHub> [nixpkgs] Katyucha closed pull request #26130: vault: 0.6.5 -> 0.7.2 with service (master...vault) https://git.io/vHZcN

2017-06-27

<NixOS_GitHub> [nixpkgs] volth opened pull request #26907: vault: 0.6.5 -> 0.7.3 with service (master...vault) https://git.io/vQntO

2017-05-27

<katyucha> Hi. The Travis test failed on my pull request : It say : py.test: error: unrecognized arguments: -n ... but I don't modify python or thing like that .. is it normal ? (PR : 26130 about vault)

2017-05-26

<katyucha> danbst and sphalerite : Ok, thanks for your answer. Hope all is good for vault 0.7.1 now :)
<katyucha> Hi ! I pull my first request ! but... I have a doubt.. I make my vault upgrade and service with my unstable version => So my pull request must be on master or another branch ?
<NixOS_GitHub> [nixpkgs] Katyucha opened pull request #26130: vault: 0.6.5 -> 0.7.1 with service (master...vault) https://git.io/vHZcN

2017-05-15

<katyucha> Hi. I try to write my first package (vault service). I create a nixos/modules/services/security/vault.nix . When I run " nixos-rebuild switch -I $myNix/nixpkgs ", nix say the service is not found... What do I forget to do ? a declare somewhere ?

2017-05-06

<katyucha> Someone installed Vault ? services.vault.enable doesn't work .. I don't find any services ..

2017-03-20

<spinus> gchristensen: I know Vault, I tried to avoid big boy tools as I just need to deploy small thing
<gchristensen> spinus: I don't, but i'd recommend looking at Vault

2017-02-16

<NixOS_GitHub> nixpkgs/master 3f971d9 Pradeep Chhetri: vault: 0.6.4 -> 0.6.5
<NixOS_GitHub> [nixpkgs] pradeepchhetri opened pull request #22881: vault: 0.6.4 -> 0.6.5 (master...vault-update) https://git.io/vDSo8

2017-01-28

<NixOS_GitHub> nixpkgs/master c0fd124 Pradeep Chhetri: vault: 0.6.3 -> 0.6.4
<NixOS_GitHub> [nixpkgs] pradeepchhetri opened pull request #22237: vault: 0.6.3 -> 0.6.4 (master...vault) https://git.io/vDUff

2016-12-12

<NixOS_GitHub> nixpkgs/master af5be37 Jaka Hudoklin: vault: add offline as maintainer
<NixOS_GitHub> nixpkgs/master 2306416 Jaka Hudoklin: vault: 0.6.1 -> 0.6.3

2016-12-11

<NixOS_GitHub> [nixpkgs] Mic92 closed pull request #21070: vault: 0.6.1 -> 0.6.3 (master...pkgs/vault/update/0.6.3) https://git.io/v1ouC
<NixOS_GitHub> [nixpkgs] offlinehacker opened pull request #21070: vault: 0.6.1 -> 0.6.3 (master...pkgs/vault/update/0.6.3) https://git.io/v1ouC