| options/nixos/services.strongswan-swanctl.swanctl.secrets.private | Private key decryption passphrase for a key in the
private folder.
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.ntlm.<name>.id | Identity the NTLM secret belongs to
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.rsa.<name>.secret | Value of decryption passphrase for RSA key.
|
| options/nixos/networking.networkmanager.ensureProfiles.secrets.entries | A list of secrets to provide to NetworkManager by reading their values from configured files
|
| options/nixos/services.authelia.instances.<name>.secrets.sessionSecretFile | Path to your session secret
|
| options/nixos/services.maddy.tls.loader | TLS certificates are obtained by modules called "certificate
loaders"
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.token.<name>.pin | Optional PIN required to access the key on the token
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.file | File name in the pkcs12 folder for which this
passphrase should be used.
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.xauth.<name>.id | Identity the EAP/XAuth secret belongs to
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.ecdsa.<name>.secret | Value of decryption passphrase for ECDSA key.
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.pkcs8.<name>.secret | Value of decryption passphrase for PKCS#8 key.
|
| options/nixos/services.bitwarden-directory-connector-cli.secrets.ldap | Path to file that contains LDAP password for user in {option}`ldap.username
|
| options/nixos/services.authelia.instances.<name>.secrets.oidcIssuerPrivateKeyFile | Path to your private key file used to encrypt OIDC JWTs.
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.token.<name>.module | Optional PKCS#11 module name to access the token.
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.private.<name>.file | File name in the private folder for which this passphrase should be used.
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.token.<name>.handle | Hex-encoded CKA_ID or handle of the private key on the token or TPM,
respectively.
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.secret | Value of decryption passphrase for PKCS#12 container.
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.eap.<name>.secret | Value of the EAP/XAuth secret
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.ike.<name>.secret | Value of the IKE preshared secret
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.ppk.<name>.secret | Value of the PPK
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.private.<name>.secret | Value of decryption passphrase for private key.
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.xauth.<name>.secret | Value of the EAP/XAuth secret
|
| options/nixos/services.draupnir.secrets.pantalaimon.password | File containing the password for Draupnir's Matrix account when used in
conjunction with Pantalaimon to be used in place of
services.draupnir.settings.pantalaimon.password.
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.ntlm.<name>.secret | Value of the NTLM secret, which is the NT Hash of the actual secret,
that is, MD4(UTF-16LE(secret))
|
| options/nixos/services.authelia.instances.<name>.secrets.storageEncryptionKeyFile | Path to your storage encryption key.
|
| options/nixos/boot.initrd.network.ssh.hostKeys | Specify SSH host keys to import into the initrd
|
| options/nixos/networking.networkmanager.ensureProfiles.secrets.entries.*.matchSetting | name of the setting section for which secrets are requested
|
| options/nixos/services.gitlab.secrets.activeRecordDeterministicKeyFile | A file containing the secret used to encrypt some rails data in a deterministic way
in the DB
|
| packages/nixpkgs/bws | Bitwarden Secrets Manager CLI |
| options/nixos/services.draupnir.secrets.web.synapseHTTPAntispam.authorization | File containing the secret token when using the Synapse HTTP Antispam module
to be used in place of
services.draupnir.settings.web.synapseHTTPAntispam.authorization
|
| options/nixos/networking.networkmanager.ensureProfiles.secrets.package | The nm-file-secret-agent package to use.
|
| options/nixos/networking.networkmanager.ensureProfiles.secrets.entries.*.key | key in the setting section for which this entry provides a value
|
| options/nixos/networking.networkmanager.ensureProfiles.secrets.entries.*.file | file from which the secret value is read
|
| options/nixos/services.bookstack.settings | Options for Bookstack configuration
|
| options/nixos/networking.networkmanager.ensureProfiles.secrets.entries.*.trim | whether leading and trailing whitespace should be stripped from the files content before being passed to NetworkManager
|
| options/nixos/networking.networkmanager.ensureProfiles.secrets.entries.*.matchIface | interface name of the NetworkManager connection
|
| options/nixos/networking.networkmanager.ensureProfiles.secrets.entries.*.matchUuid | UUID of the connection profile
UUIDs are assigned once on connection creation and should never change as long as the connection still applies to the same network.
|
| options/nixos/networking.networkmanager.ensureProfiles.secrets.entries.*.matchId | connection id used by NetworkManager
|
| options/nixos/networking.networkmanager.ensureProfiles.secrets.entries.*.matchType | NetworkManager connection type
The NetworkManager configuration settings reference roughly corresponds to connection types
|
| options/nixos/services.cross-seed.settings | Configuration options for cross-seed
|
| options/nixos/services.transfer-sh.secretFile | Path to file containing environment variables
|
| options/nixos/services.wiki-js.settings | Settings to configure wiki-js
|
| options/nixos/services.caddy.environmentFile | Environment file as defined in systemd.exec(5)
|
| packages/nixpkgs/vault-bin | Tool for managing secrets, this binary includes the UI |
| options/nixos/services.bitwarden-directory-connector-cli.secrets.bitwarden.client_path_id | Path to file that contains Client ID.
|
| options/nixos/services.oncall.secretFile | A YAML file containing secrets such as database or user passwords
|
| options/nixos/services.microbin.passwordFile | Path to file containing environment variables
|
| options/home-manager/programs.rclone.requiresUnit | The name of a systemd user service that must complete before the rclone
configuration file is written
|
| options/nixos/services.akkoma.initSecrets | Whether to initialise non‐existent secrets with random values
|
| options/nixos/services.stalwart.credentials | Credentials envs used to configure Stalwart secrets
|
| options/nixos/services.n8n.environment | Environment variables to pass to the n8n service
|
| packages/nixpkgs/kubeseal | Kubernetes controller and tool for one-way encrypted Secrets |
| options/nixos/services.bitwarden-directory-connector-cli.secrets.bitwarden.client_path_secret | Path to file that contains Client Secret.
|
| options/nixos/services.stalwart-mail.credentials | Credentials envs used to configure Stalwart-Mail secrets
|
| options/nixos/services.cfssl.configFile | Path to configuration file
|
| packages/nixpkgs/sops | Simple and flexible tool for managing secrets |
| packages/nixpkgs/ots | Share end-to-end encrypted secrets with others via a one-time URL |
| packages/nixpkgs/senv | Friends don't let friends leak secrets on their terminal window |
| packages/nixpkgs/vault | Tool for managing secrets |
| packages/nixpkgs/argocd-vault-plugin | Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets |
| options/nixos/services.pds.settings | Environment variables to set for the service
|
| options/nixos/services.movim.settings | .env settings for Movim
|
| packages/nixpkgs/proton-pass-cli | Command-line interface for managing your Proton Pass vaults, items, and secrets |
| options/nixos/services.go-neb.secretFile | Environment variables from this file will be interpolated into the
final config file using envsubst with this syntax: $ENVIRONMENT
or ${VARIABLE}
|
| options/nixos/services.evcc.settings | evcc configuration as a Nix attribute set
|
| options/home-manager/programs.rclone.remotes | An attribute set of remote configurations
|
| options/nixos/services.maubot.settings | YAML settings for maubot
|
| options/nixos/services.turn-rs.secretFile | Environment variables from this file will be interpolated into the
final config file using envsubst with this syntax: $ENVIRONMENT or
${VARIABLE}
|
| options/nixos/services.wstunnel.clients.<name>.environmentFile | Environment file to be passed to the systemd service
|
| options/nixos/services.wstunnel.servers.<name>.environmentFile | Environment file to be passed to the systemd service
|
| packages/nixpkgs/cliqr | Transfer, share data & secrets via console qr codes |
| options/nixos/services.listmonk.secretFile | A file containing secrets as environment variables
|
| packages/nixpkgs/ejson | Small library to manage encrypted secrets using asymmetric encryption |
| options/nixos/services.forgejo.customDir | Base directory for custom templates and other options
|
| options/nixos/services.dawarich.extraEnvFiles | Extra environment files to pass to all Dawarich services
|
| options/nixos/services.prosody.extraConfig | Additional prosody configuration
The generated file is processed by envsubst to allow secrets to be passed securely via environment variables.
|
| options/nixos/services.mastodon.extraEnvFiles | Extra environment files to pass to all mastodon services
|
| options/nixos/services.lasuite-docs.secretKeyPath | Path to the Django secret key
|
| options/nixos/services.lasuite-meet.secretKeyPath | Path to the Django secret key
|
| options/nixos/programs.nncp.settings | NNCP configuration, see
http://www.nncpgo.org/Configuration.html
|
| options/nixos/services.docuseal.extraEnvFiles | Extra environment files to pass to DocuSeal services
|
| options/nixos/services.sourcehut.hg.group | Group for hg.sr.ht
|
| options/nixos/services.keter.bundle.publicScript | Allows loading of public environment variables,
these are emitted to the log so it shouldn't contain secrets.
|
| options/nixos/services.patroni.settings | The primary patroni configuration
|
| options/nixos/services.sourcehut.man.group | Group for man.sr.ht
|
| options/nixos/services.sourcehut.git.group | Group for git.sr.ht
|
| options/nixos/services.sourcehut.hub.group | Group for hub.sr.ht
|
| options/nixos/services.pixelfed.settings | .env settings for Pixelfed
|
| options/nixos/services.cross-seed.settingsFile | Path to a JSON file containing settings that will be merged with the
settings option
|
| options/nixos/services.sourcehut.todo.group | Group for todo.sr.ht
|
| options/nixos/services.sourcehut.meta.group | Group for meta.sr.ht
|
| options/nixos/services.bluesky-pds.settings | Environment variables to set for the service
|
| options/nixos/services.lidarr.settings | Attribute set of arbitrary config options
|
| options/nixos/services.sonarr.settings | Attribute set of arbitrary config options
|
| options/nixos/services.radarr.settings | Attribute set of arbitrary config options
|
| options/nixos/services.canaille.secretKeyFile | File containing the Flask secret key
|
| options/nixos/services.microbin.settings | Additional configuration for MicroBin, see
https://microbin.eu/docs/installation-and-configuration/configuration/
for supported values
|
| options/nixos/services.zitadel.extraStepsPaths | A list of paths to extra steps files
|
| options/nixos/services.wastebin.settings | Additional configuration for wastebin, see
https://github.com/matze/wastebin#usage for supported values
|
| options/nixos/services.sourcehut.paste.group | Group for paste.sr.ht
|