Sets the admin api key for typesense

TLS key path.

Hex-encoded Blake2b256 hash of an API key as a 64-chars long Base16 string.

Private key file for the certificate.

Path to the file which contains the actual base64 encoded key

HMAC url validation key (hexadecimal encoded)

The keyboard mapping table for the virtual consoles.

Path to the key file.

Path to the TLS key file.

Key file to use for clients

The path of a PEM encoded TLS private key

The path of a PEM encoded TLS private key

The path of a PEM encoded TLS private key

Path to private key file.

A key list specifying a host switch combination.

A list of key names is available in https://github.com/htrefil/rkvm/blob/master/switch-keys.md.

The size of the key file

TLS key

Path to the TLS private key file

TLS Key for the gRPC server, leave blank to disable TLS

Path to HTTPS listener private key.

The offset of the key file

SSH public key allowed to login as user btrbk to run remote backups.

TLS Key for the gRPC server, leave blank to disable TLS

TLS Key for the gRPC server, leave blank to disable TLS

Path to TLS key to use for connections to public-inbox-nntpd(1).

Path to TLS key to use for connections to public-inbox-imapd(1).

Path to MySQL listener private key.

SSL key file path

Path to certificate private key (PEM with private key)

Key type to use for private keys

Access key id for the S3 storage backend.

Specify the path to a file or AF_UNIX stream socket to read the secret server key corresponding to the certificate specified with services.journald.gateway.cert from

LiveKit key file holding one or multiple application secrets

Key file for securing RPC connections.

Etcd key file.

Fully qualified path to the server key.

Path to TLS key

A file containing the HMAC key to use for signing URLs

TLS Key for the gRPC server, leave blank to disable TLS

TLS Key for the gRPC server, leave blank to disable TLS

Path to the server's private key

Access key id for the minio storage backend.

TLS key in pem format.

The key.pem file used for https.

Key type to use for private keys

VI or Emacs style shortcuts.

Path to PostgreSQL listener private key.

Etcd key file

An absolute file path (which should be outside the Nix-store) to an OpenPGP private key

Path or reference to the host key.

Optional path to a file containing the mycelium key material

Initial administrative public key for Gitolite

Length of the LUKS slot key derived with PBKDF2 in byte.

An absolute file path (which should be outside the Nix-store) to a key used for encrypting session cookies

TLS Key for the gRPC server, leave blank to disable TLS

OpenPGP key identifier.

Path to the key file.

The path of a PEM encoded TLS private key

The path of a PEM encoded TLS private key

Path to the certificate key file (if protocol is set to https or h2).

LiveKit key file holding one or multiple application secrets

The name of the file (can be a raw device or a partition) that should be used as the decryption key for the encrypted device

An absolute file path (which should be outside the Nix-store) to a secret key to encrypt internal messages with

The (optional) compose key to use.

Path to the key.pem file, which will be copied into Syncthing's configDir.

Private key to use for TLS

An absolute file path (which should be outside the Nix-store) to a base64-encoded Ed25519 key for signing webhook payloads

TLS Key for the client's certificate

The keyfile which associates this machine with your tarsnap account

The Meilisearch API key.

A list of SSH public keys allowed to access the binary cache via SSH.

Path to GitLab container registry certificate-key.

Private key file in PEM format.

Private key file for the certificate.

Path to key file

Key size in bits to use when generating new keys.

The path to a file containing the API Key used to authenticate with CloudFlare.

Whether to enable keyd, a key remapping daemon.

The public key data for the host

List of public key files that will be imported by gpg.

Key size in bits

Key size in bits

The sort key used for the NixOS bootloader entries

Size of the RSA key to use to sign outgoing emails

The path to a file containing the Meilisearch API key

API key to authenticate with a local crowdsec API

Path to the private key used for the HTTPS listener

Path to a SSL private key file for the server

Stash Box API key

Path to key file

List of public keys used to sign binary caches

Access key to the S3-compatible object storage service

Path to SSL key file.

Key server from which to fetch and update keys

Configuration options corresponding to parameters set in conf/keycloak.conf

Path to the .jsk KeyStore or paths to the PKCS#8 certificate and private key, separated by a space (see example)

An absolute file path (which should be outside the Nix-store) to the secret key of the S3-compatible object storage service.

Key of taint.

Key file for MQTT server access.

Set a specific keyfile for this archive

Cron key taken from the administration page.

A list of files containing additional configuration to be included using the include directive

Specifies the key lib.types that will be used for public key authentication.

The path to the file used for signing derivation data

The public key data for the host

Directory containing ssh keys, defaulting to auto-generation

Path to key file

Path to the file containing the KSK public key

API key to use when modifying DNS records.

TLS key in pem format.

Public key for Stripe

oauth2-proxy allows passing sensitive configuration via environment variables

Path to a file containing the credential mapping (<keyname>: <secret>) to access LiveKit

Path to the file containing the ZSK public key

The path that opendkim should put its generated private keys into

A switch to disable Endorsement Key (EK) certificate verification

An absolute file path (which should be outside the Nix-store) to a secret key for Stripe

The path to the file containing the value for turn.apikey

File path to a key file.

The access key for the S3 bucket.

Define your TSIG keys here.

Path to certificate private key (PEM with private key)

This primary server will notify all given secondary servers about zone changes

Configuration, except ids section, that is written to /etc/keyd/.conf

OpenPGP public key.

Path to keystore (combined PEM with cert/key, or PKCS12 keystore)

Name of a file containing the spiped key

Set the encryption key size for the plain device

Configuration for one or more device IDs

Device identifiers, as shown by keyd(1).

The amount of time in seconds for a keyFile to appear before timing out and trying passwords.

Path to the Unbound control socket key.

Path to the private key used for TLS.

Collects number of keypresses per hour per key used to generate a heatmap.

The database name.

Database settings.

Configuration included in keymap.toml

Path to private key.

The private key to persist address with

Path to the file containing the KSK private key.

Path to the TLS key for the web UI

Options to pass to the PAM module

The path to the signing private key file, used to sign requests and events.

  nix-shell -p dendrite --command "generate-keys --private-key matrix_key.pem"

Authentication algorithm for this key.

Path to the private key corresponding to the server certificate

The PostgreSQL port.

The PostgreSQL host.

Wireguard public key of this peer.

The ID generation method for Sharkey to use

Configuration for Misskey, see example.yml for all supported options.

The ID generation method to use

Plaintext password used to unlock the Java KeyStore set in services.reposilite.settings.keyPath

The user used for database authentication.

The password used for database authentication.

Path to a file containing the API key to use when modifying DNS records.

SFTP private key file

The port your Misskey server should listen on.

The port that Sharkey will listen on.

Path to the file containing the ZSK private key.

Configuration options for Sharkey

A list of files each containing one OpenSSH public key that should be added to the user's authorized keys

The full URL that the Sharkey instance will be publically accessible on

Options to pass to the pam_rssh module

Default kubeconfig client key file used to connect to kube-apiserver.

Extra connection options.

The path to the public key file for the host

ActivityPub public key

ioredis options

Path to your SSL key

Node key file.

The Redis host.

The Redis port.

The final user-facing URL

Path to the file where DHT keys are stored.

A list of files each containing one OpenSSH public key that should be added to the user's authorized keys

Kubernetes proxy client key file used to connect to kube-apiserver.

Path to the Django secret key

Path to the Django secret key

Path to file which contains the master key

ActivityPub private key

Path to derp private key file, generated automatically if it does not exist.

Path to store SSH host & client keys.

Whether to enable Hockeypuck OpenPGP Key Server.

The UNIX socket your Misskey server should listen on.

API key, which enables the developer API.

If specified, creates a UNIX socket at the given path that Sharkey listens on.

Path to a file containing the public key of the local Rosenpass peer

Path to a file containing the secret key of the local Rosenpass peer

Path to file containing the secret key base

Kubelet client key file used to connect to kube-apiserver.

On which address Keycloak should accept new connections.

On which port Keycloak should listen for new HTTP connections.

The address that Sharkey binds to.

Path to a file containing the public key of the remote Rosenpass peer.

Whether to enable udev rules for keychron QMK based keyboards.

The path to the public key file for the host

The keyd package to use.

Path to a keyfile used to unlock the backing encrypted device

Path of the PEM-encoded private key for this account

On which port Keycloak should listen for new HTTPS connections.

Listed primary servers are allowed to notify this secondary server

The file access mode of the UNIX socket.

The Redis port.

The Redis host.

Path to file containing the secret key base

ioredis options for the job queue

The Redis port.

The Redis host.

Path to a keyfile used to unlock the backing encrypted device

Extra configuration that is appended to the end of the file. Do not write ids section here, use a separate option for it

ioredis options for pubsub

Path to key for already created certificate.

Whether to disable caching queries.

Whether to automatically set up a local Meilisearch instance and configure Sharkey to use it

SSL key in PEM format

A file containing your secret key

Secret key used for signing

Kubernetes scheduler client key file used to connect to kube-apiserver.

Access key of 5 to 20 characters in length that clients use to access the server

yaml file containing all secrets. this needs to be in the same structure as the configuration

The name of private PKCS #8 key file for this policy to be found in the baseDirectory, or the absolute path to the key file

Specify the Secret key of 8 to 40 characters in length that clients use to access the server

File to persist HTTPPROXY keys.

The path to the TLS key.

  nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"

Path to file containing the secret key base

Path the the file containing the password used to unlock the Java KeyStore file specified in services.reposilite.settings.keyPath

The path to your appkey

Key used for encryption of passwords for password-protected feeds in the database

Whether to enable misskey.

Path to a file containing a master encryption key for ZITADEL

Key policy for key signing keys

Secret key of the onion service

key in the setting section for which this entry provides a value

Whether to start the Keybase service.

File to persist SOCKSPROXY keys.

Secret key for authentication tokens

Enable OnlyKey device (https://crp.to/p/) support.

Whether to enable logkeys, a keylogger service.

Whether to enable Sharkey, a Sharkish microblogging platform.

The hostname part of the public URL used as base for all frontend requests

Path to server SSL certificate key.

Path to a file containing the Datadog API key to associate the agent with your account.

Name of this virtual host

The selector to use for DKIM key identification

Path to the nodekey.

The webserver to use as the reverse proxy.

The path to the SSH private key with which to authenticate on the build machine

Keyset used for tunnel identity.

The fingerprint of the endorsement key

Which port the sks-keyserver is listening on.

List of dual-role remappings that output different key sequences based on whether the input key is held or tapped.

Longview API key

The sharkey package to use.

The misskey package to use.

Keyset used for tunnel identity.

The path to your appkey

The path to a PEM formatted private key to use for TLS/SSL connections.

Path to the folder where Sharkey stores uploaded media such as images and attachments.

Kubernetes controller manager client key file used to connect to kube-apiserver.

The Redis port.

The Redis host.

File path that contains the utility secret key

The delay (in milliseconds) between compose key sequences.

Path to file containing the private key used for Web Push Voluntary Application Server Identification

File path that contains the application secret key

Use the given device as keyboard input event device instead of /dev/input/eventX default.

Path to TLS private key.

ioredis options for timelines

Database for the Key Server (for end-to-end encryption).

Metadata file for root certificate presence

The key sequence that should be output when the input key is tapped

A file containing the Longview API key

Whether to automatically set up a local Redis cache and configure Sharkey to use it.

Enables udev rules for Nitrokey devices.

The path of the web root directory.

Configuration file for hockeypuck, here you can override certain settings (loglevel and openpgp.db.dsn) by just setting those values

A list of verbatim OpenSSH public keys that should be added to the user's authorized keys

File containing PEM-encoded x509 RSA or ECDSA private or public keys, used to verify ServiceAccount tokens

The key sequence that should be output when the input key is held

The path to the TLS key.

Configuration for Nix, see https://nixos.org/manual/nix/stable/command-ref/conf-file.html or nix.conf(5) for available options

Extra configuration for the caddy virtual host of Misskey

Extra configuration for the nginx virtual host of Misskey

Whether to enable the Keycloak identity and access management server.

Path to the file that contains the current private key of the service account token issuer

Which slot on the YubiKey to challenge.

Path to file which contains the master key

Additional names of virtual hosts served by this virtual host configuration.

Additional names of virtual hosts served by this virtual host configuration.

Whether to enable pgpkeyserver-lite on a nginx vHost proxying to a gpg keyserver.

Canonical hostname for the server.

Whether to connect via SSL.

Enables support for authenticating with a YubiKey on LUKS devices

Meilisearch connection options.

Key file for MQTT

Whether to enable non-root access to the firmware of QMK keyboards.

The Meilisearch host.

The Meilisearch port.

The sympa.conf configuration file as key value set

The path to the xkb keycodes file

Whether to enable the QUIC transport protocol

Kubernetes apiserver private key file.

The path to the file containing the value for sessions.blockkey

The pgpkeyserver-lite package to use.

The keycloak package to use.

Whether to enable HTTPS in addition to plain HTTP

List of keycodes to match.

A list of verbatim OpenSSH public keys that should be added to the user's authorized keys

Path to file containing the Mackerel API key

CA private key -- accepts '[file:]fname' or 'env:varname'.

The search scope.

Whether to enable non-root access to the firmware of TECK keyboards.

Directory for the ACME challenge, which is public

Whether to enable HTTPS and reject plain HTTP connections

Meilisearch index to use.

The path to the client key

Keyboard configuration.

Keyboard configurations.

List of keys to match

The options to use for this LUKS device in YubiKey-PBA

Whether to enable kTLS support

Which IP address the sks-keyserver is listening on.

The yubikey-agent package to use.

Enable SSL.

Base64 preshared key generated by wg genpsk

Path to keystore (combined PEM with cert/key, or PKCS12 keystore)

The path relative to / for serving resources.

Other endpoint's CA private key

Path to the private key file on the host system

Whether to enable the actkbd key mapping daemon

Listen address.

HKP port to listen on.

Path to your SSL key.

Basic Auth protection for a vhost

A YAML file containing secrets such as database or user passwords

ssl private key path A self-signed certificate will be generated if file not exists.

Makes this vhost the default.

Manages the configuration files declaratively

Path to the signing key to sign messages with.

Configuration for HTTP request logging (also known as access logs)

Which hostname to set the vHost to that is proxying to sks.

Proxy ssl key path

Installing a public key allows firmware signed with a matching private key to be recognized as trusted, which may require less authentication to install than for untrusted files

Location of the Django secret key

Path to the API key to authenticate with a local CrowdSec API

These lines go to the end of the vhost verbatim.

This public key is an SSH certificate authority, rather than an individual host's key.

Port number to listen on

Key file to use for peer to peer communication

Keycloak plugin jar, ear files or derivations containing them

Whether to ask Let's Encrypt to sign a certificate for this vhost

Whether to enable yubikey-manager.

Set name to shared memory zone.

Set size to shared memory zone.

Path to noise private key file, generated automatically if it does not exist.

Whether TLS encryption should be used

Whether to open ports in the NixOS firewall for Sharkey.

Additional lines of configuration appended to this virtual host in the automatically generated Caddyfile.

Whether to enable the HTTP/2 protocol

Secret API key to use when modifying DNS records.

Configuration of the netbird management server

Listen addresses and ports for this virtual host

Whether to enable the HTTP/3 protocol

Whether to enable SSL for the reverse proxy

The wshowkeys package to use.

A host of an existing Let's Encrypt certificate to use

Basic Auth password file for a vhost

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Whether to start yubikey-agent when you log in

TTL for dnssec records

A file containing the secret used to encrypt session keys

Whether to listen for and reject all HTTPS connections to this vhost

Java KeyStore file containing the certificates.

Whether to generate signing keys in /etc/guix which are required to initialize a substitute server

Path to the TLS certificate private key.

The Access Key ID.

The Secret Access Key.

The fully qualified domain name to bind to

A host of an existing Let's Encrypt certificate to use

Whether to use a passphrase and a YubiKey (true), or only a YubiKey (false).

The type of database Keycloak should connect to.

RAUC slot definitions

Whether to enable GNOME Keyring daemon, a service designed to take care of the user's security credentials, such as user names and passwords .

Either the raw pre-shared key in hexadecimal format or the name of the secret (as defined inside networking.wireless.secretsFile and prefixed with ext:) containing the network pre-shared key.

Whether to enable re-emitting unhandled key events.

Key to use for connections to proxy.

Specify host key verification action when connecting to a SSH target with unknown/differing host key.

Whether to enable non-root access to the firmware of UHK keyboards

Path to the TLS key file.

IRCD server RSA key.

RSA private key file.

Base64 preshared key generated by wg genpsk

SSL key to use.

Declarative location config

Length of the new salt in byte (64 is the effective maximum).

The yubikey-manager package to use.

Whether to enable fzf keybindings.

Keyboard name.

Servers listed here will be used to gather public keys of other servers (notary trusted key servers)

Path to the server private key, which is used by the server but not by nsd-control

Port of the database to connect to.

config.yaml for evdevremapkeys

A path to a SSL secret key file in PEM format

The secret or JSON Web Key (JWK) (or set) used to decode JWT tokens clients provide for authentication

Settings for a cups-pdf instance, see the descriptions in the template config file in the cups-pdf package

Time in seconds to wait for the YubiKey.

Original key arrangement on your keyboard: Mac or PC.

Whether to enable udev rules for keyboards from ZSA like the ErgoDox EZ, Planck EZ and Moonlander Mark I

Which provider to use for full text search

The path to a file containing the Redis password

Specifies what to do when the power key is pressed.

Sets the autorepeat delay (length of time in milliseconds that a key must be depressed before autorepeat starts).

The path to a file containing the API key

File containing an API key to talk to the Immich server

Whether to enable a HTTP reverse proxy for Misskey.

Create an individual listening socket

Whether to enable wshowkeys (displays keypresses on screen on supported Wayland compositors)

TLS private key file

Use custom DH TLS key, stored in PEM format in the file.

The filesystem of the unencrypted device.

Whether to enable skim keybindings.

Realm files that the server is going to import during startup

Create and use a local Redis instance

A set of additional system-wide locale settings other than LANG which can be configured with i18n.defaultLocale

An attribute set in which each key represents a container and each value an attribute set in which each key represents a component and each value a derivation constructing its initial state

API key to talk to the Immich server

The main.cf configuration file as key value set

Additional theme packages for Keycloak

Skydns path of TLS client certificate - public key.

Skydns path of TLS client certificate - private key.

Whether the database connection should be secured by SSL / TLS

Whether to enable writing to the Nix store as a remote store via SSH

Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests

Key file for client cert authentication to the server.

The right hand is moved one key to the right.

Absolute path of the salt on the unencrypted device with that device's root directory as "/".

Path to file containing sensitive environment variables

Flags from tlsrpt-fetcher(1) as key-value pairs.

Flags from tlsrpt-reportd(1) as key-value pairs.

Port to run the TCP server on. null will not run the server.

If set, all requests for this host are redirected (defaults to 301, configurable with redirectCode) to the given hostname.

List of raw public key candidates to use for authentication

HTTP status used by globalRedirect and forceSSL

Key to use for connections to kubelet.

Skydns path of TLS certificate authority public key.

Root directory for requests.

Path to a file containing the camo HMAC key.

This public key is an SSH certificate authority, rather than an individual host's key.

Key file for client cert authentication to the server.

The TLS certificate private key, as a base64-encoded string

Configuration for Gemstash

Whether to check the resulting config file with unbound checkconf for syntax errors

Path to the private key to the matching certificate signing request.

Adds index directive.

Enable PROXY protocol.

Alias directory for requests.

Keyboard configuration.

Host which to proxy requests to if ACME challenge is not found

A list of host interfaces to bind to for this virtual host.

The trusted servers to download signing keys from.

Specifies what to do when the reboot key is pressed.

The path of the Searx server settings.yml file

File that contains the keycloak client secret.

Whether to enable SKS (synchronizing key server for OpenPGP) and start the database server

Adds try_files directive.

Path to the keyboard's device file.

Whether to enable yubikey-touch-detector.

The filepath to the provider secret key

The hostname of the cache server. This is used to generate the private key used for signing store paths (.narinfo)

Adds a return directive, for e.g. redirections.

Extra command line arguments passed to kanata.

File pointing to preshared key as generated by wg genpsk

Listen addresses for this virtual host

Wait for a keystroke before hiding the cursor

Flags from tlsrpt-collectd(1) as key-value pairs.

The key sequence that should be remapped

The robot.conf configuration file as key value set

Key file for client cert authentication to the server.

Database name to use when connecting to an external or manually provisioned database; has no effect when a local database is automatically provisioned

Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.

Adds uwsgi_pass directive and sets recommended proxy headers if recommendedUwsgiSettings is enabled.

OpenSSH private key

A run-time path to the key file, which is supposed to be provisioned outside of Nix store.

Path to SSH host key

Path to server SSL certificate.

Secret key used as a base to generate further secrets for encrypting and signing data

Hostname of the database to connect to

TLS key to use instead of the hardcoded on in case of HTTPS connections

Basic Auth protection for a vhost

SSH private key file to use to login to the remote system

Enables verbose logging

Flask Secret Key

Path to SSH private key used to fetch private repositories over SSH.

The name of the service to run

Output path for the certificate private key

The database.yml configuration file as key value set

The SSL / TLS CA certificate that verifies the identity of the database server

TLS certificate and key paths

Ctrl following by this key is used as the main shortcut.

Configuration other than defcfg

These lines go to the end of the location verbatim.

Path to file with trusted public keys in OpenSSH's authorized_keys format

Path to a file containing the secret API key to use when modifying DNS records.

An unencrypted device that will temporarily be mounted in stage-1

Hostname of the trusted server.

The main.cf configuration file as key value set.

Path to a file containing the secret key.

Specifies what to do when the suspend key is pressed.

The path to a daemon's secret key.

Path to a keyfile used to unlock the backing encrypted device

Influences logging

The path to a file containing the database password

CAPTCHA site key to use for Gitea.

Whether to automatically set up a local PostgreSQL database and configure Sharkey to use it.

Etcd key prefix

Extra parameters of this listen directive.

Servers listed here will be used to gather public keys of other servers (notary trusted key servers)

Whether to enable A 33-key layout that works with all keyboards..

If set to true, yubikey-touch-detector will send notifications to a unix socket

(key=value) Configuration to be written to common.runtime.properties

Basic Auth password file for a vhost

The key sequence that should be output when the input sequence is entered

How much the iteration count for PBKDF2 is increased at each successful authentication.

Private key decryption passphrase for a key in the rsa folder.

Configuration for MPD

Path to a file containing the Minio access key id.

WireGuard public key corresponding to the remote Rosenpass peer.

A file containing the Discourse API key used to add posts and messages from mail

A file containing the Laravel APP_KEY - a 32 character long, base64 encoded key used for encryption where needed

Enables dynamic resolving of backchannel URLs, including hostname, scheme, port and context path

Order of this location block in relation to the others in the vhost

config.xml configuration as a Nix attribute set

Whether to enable pay-respects' LLM integration

Create the PostgreSQL database locally

Specifies what to do when the power key is long-pressed.

Server definitions ("stanzas") for the client system-options file

PEM encoded private key for TLS

Passkeys required to access the periphery API

Path to the server's CA certificate key.

The path to the file containing the value for sessions.hashkey

Paths to keyboard devices

Private key decryption passphrase for a key in the ecdsa folder.

Private key decryption passphrase for a key in the pkcs8 folder.

(key=value) Configuration to be written to runtime.properties of the druid Druid Broker https://druid.apache.org/docs/latest/configuration/index.html

(key=value) Configuration to be written to runtime.properties of the druid Druid Router https://druid.apache.org/docs/latest/configuration/index.html

Configuration of defcfg other than linux-dev (generated from the devices option) and linux-continue-if-no-devs-found (hardcoded to be yes)

Key / certificate pairs for the virtual host.

Whether to enable the cjdns network encryption and routing engine

File pointing to preshared key as generated by wg genpsk

Path to root SSL certificate for stapling and client certificates.

What actions can be performed with this SSH key

The settings to use for dsnet

FastCGI parameters to override

Whether to start the OpenSSH agent when you log in

Authentication to expect from remote

ESP proposals to offer for the CHILD_SA

The path to load the secretKey for signing narinfos

Whether to enable automatic generation of the defcfg block

Configuration for filebeat

This configuration key contains the effective text of the client system-options file "dsm.sys"

The path to the xkb types file

Path to file containing the public key used for Web Push Voluntary Application Server Identification

The path to a PEM formatted certificate to use for TLS/SSL connections.

File path that contains the Base64-encoded private key for HTTPS termination

Base64 private key generated by wg genkey

Specify partitions as a set of the names of the partitions with their configuration as the key.

A file containing the Laravel APP_KEY - a 32 character long, base64 encoded key used for encryption where needed

Path to the Public Key.

Specifies what to do when the reboot key is long-pressed.

An SSH public key (as an absolute file path or directly as a string), usually generated by rad auth.

Legacy RSA public key of the host in PEM format, including start and end markers

Format: [AXFR|UDP] <ip-address> <key-name | NOKEY>

The path to the file containing Django's secret key

The path to the file containing Django's secret key

Private key decryption passphrase for a key in the private folder.

Whether a database should be automatically created on the local host

DEPRECATED: Use services.harmonia.signKeyPaths instead

Username to use when connecting to an external or manually provisioned database; has no effect when a local database is automatically provisioned

Key-value pairs that convey additional parameters about a stream.

The config file

How often to check whether dnssec key rollover is required

Path to TLS certificate

The path to a file containing the database password

Maximum number of returned keys in keys command. keys is a dangerous command

Whether to support proxying websocket connections with HTTP/1.1.

Initial password set for the temporary admin user

The path to the TLS certificate.

  nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"

Key / certificate pairs for the virtual host.

Key policy for zone signing keys

Path to a file containing the CAPTCHA secret key.

NixOS can automatically generate SSH host keys

If set to true, yubikey-touch-detctor will send notifications using libnotify

Disable checking that at least the root user or a user in the wheel group can log in using a password or an SSH key

Path to the server's private key.

Extra configuration options to put at the end of global initialization, before defining BSSs

Path to a file containing the shared key.

The key that should be remapped

Path to the RSA private key (not password-protected) used to decrypt authentication credentials from the client.

List of kernel modules to include in the initrd to support the keyboard.

Authorized clients for a v3 onion service, as a list of public key, in the format:

descriptor:x25519:<base32-public-key>

See torrc manual.

Whether to enable ssl_dh and generation of primes for the key exchange.

Base64 encoded GCP service account key

The path to the xkb symbols file

Path to a file containing the Minio secret access key.

List of paths to files containing environment variables for Sharkey to use at runtime

File containing the api key.

File path that contains the S3 access key.

File path that contains the S3 secret key.

Specifies what to do when the suspend key is long-pressed.

Allowed key exchange algorithms

Uses the lower bound recommended in both https://stribika.github.io/2015/01/04/secure-secure-shell.html and https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67

Mutual TLS - client key to call remote instance requiring client certs

Extra permission groups to attach to the KMonad instance for this keyboard

Private key for OCSP responder certificate

Path to the server's public key.

Specifies what to do when the hibernate key is pressed.

Set contents of the files "KDB/DB_CONFIG" and "PTree/DB_CONFIG" within the ${dataDir} directory

Whether to enable keys to run shell commands.

Enable or disable PKCE (Proof Key for Code Exchange) support

Specifies the available KEX (Key Exchange) algorithms.

Whether Galene should listen in http or in https

Port to listen on.

S3 access key.

Authentication to perform locally.

• The default pubkey uses public key authentication using a private key associated to a usable certificate.
• psk uses pre-shared key authentication.
• The IKEv1 specific xauth is used for XAuth or Hybrid authentication,
• while the IKEv2 specific eap keyword defines EAP authentication.
• For xauth, a specific backend name may be appended, separated by a dash

(key=value) Configuration to be written to runtime.properties of the druid Druid Overlord https://druid.apache.org/docs/latest/configuration/index.html

A key-value map of user data

TLS private key to use

Key bindings for actkbd

Enables Uber's USSH PAM (pam-ussh) module

Time in seconds to wait for the FIDO2 key.

User name under which the keylight exporter shall be run.

Path to a file containing the secret key.

Secret key for the S3 storage backend

Path to server SSL certificate key.

Path to server SSL certificate key.

JWT private key

Group under which the keylight exporter shall be run.

The bit size for the prime that is used during a Diffie-Hellman key exchange.

Create and use a local Meilisearch instance

Base64 private key generated by wg genkey

The path to a file containing only the access-key-id.

A file containing the Laravel APP_KEY - a 32 character long, base64 encoded key used for encryption where needed

Key / certificate pairs for the virtual host.

Path to the SSH host public key.

If provided this is the full path to a file that contains the key to enable [server-side encryption with customer-provided keys][1] (SSE-C)

Configuration parameters to set in parsedmarc.ini

The (base64-encoded) public host key of this builder

(key=value) Configuration to be written to runtime.properties of the druid Druid middleManager https://druid.apache.org/docs/latest/configuration/index.html

Whether to enable systemd hardening.

Whether to enable the prometheus keylight exporter.

Location where to store the ShellHub Agent private key.

Secret key for the minio storage backend

Whether to enable evdevremapkeys, a daemon to remap events on linux input devices.

Force path-style S3 addressing (bucket/key vs key.bucket).

Specifies the host key algorithms that the client wants to use in order of preference.

Sieve scripts to be executed

File path that contains the S3 secret key.

IKE rekeying refreshes key material using a Diffie-Hellman exchange, but does not re-check associated credentials

Enable recommended proxy settings.

Enable recommended uwsgi settings.

base64-encoded public ECDH key.

GAP-Signature request signature key.

Path to a file containing the secret key.

A file containing the MaxMind license key

Whether to enable dkimproxy_out

The name of the service to run

Extra commandline options to pass to the keylight exporter.

The AWS API key secret

The AWS API key id

File containing the api-key.

File containing the api-key.

File containing the api-key.

File containing the api-key.

Whether to enable U2F support in the i3lock program

Replacement-filepath mapping for sogo.conf

Remote public key in hexadecimal form.

Path to a file containing the secret key.

Path to server SSL certificate key.

A file containing the Laravel APP_KEY - a 32 character long, base64 encoded key used for encryption where needed

Path to the SSH host private key.

If set, the calling user's SSH agent is used to authenticate against the configured keys

geoipupdate configuration options

base64-encoded private ECDH key

A file containing the auth key

Optional file containing a self-managed signing key to sign uploaded store paths.

A file containing the password or a TSIG key in named format when using the nsupdate protocol.

Path to server SSL certificate key.

A list of public keys of upstream caches in the format host[-[0-9]*]:public-key

File containing the api-key.

Specifies what to do when the hibernate key is long-pressed.

Absolute file path to an SSH private key, usually generated by rad auth

Path to server TLS certificate key.

SSH private key file to use to login to the remote system

A path to a file containing the hmac_key

Whether to automatically generate cfssl CA certificate and key, if they don't exist.

If set, users listed in $XDG_CONFIG_HOME/Yubico/u2f_keys (or $HOME/.config/Yubico/u2f_keys if XDG variable is not set) are able to log in with the associated U2F key

The path to a file containing only the secret-access-key.

Attribute set of buildkite agents

Path of a file containing secrets (gpg passphrase, access key...) in the format of EnvironmentFile as described by systemd.exec(5)

The name of the plugin to use as the key for the plugin configuration.

Snipe-IT configuration options to set in the .env file

Address to listen on.

How long after deactivation to keep a key in the zone

How long after deactivation to keep a key in the zone

Integration key.

File containing the api-key.

Enable automatic generation of account keys

Path to the client private key, which is used by nsd-control but not by the server

File containing the Flask secret key

Open port in firewall for incoming connections.

(key=value) Configuration to be written to runtime.properties of the druid Druid Historical https://druid.apache.org/docs/latest/configuration/index.html

Clear all default commands

Specify partitions as a set of the names of the definition files as the key and the partition configuration as its value

Path to server SSL certificate key.

Options to be added to config.php, as a nix attribute set

AH proposals to offer for the CHILD_SA

Path to the HQPlayer license key file

Extra configuration options to put at the end of this BSS's defintion in the hostapd.conf for the associated interface

A list of public keys of upstream caches in the format host[-[0-9]*]:public-key

This is a small wrapper over systemd's LoadCredential

A Setup Key file path used for automated login of the machine.

A Setup Key file path used for automated login of the machine.

A file containing the secret used to encrypt variables in the DB

Path to the private key used for TLS.

Whether to automatically generate cfssl API webserver TLS cert and key, if they don't exist.

Enable ntopng, a high-speed web-based traffic analysis and flow collection tool

Key file for client cert authentication to the server.

Key file for client cert authentication to the server.

Time to schedule CHILD_SA rekeying

Specify rules for nftables to add to the input chain when services.prometheus.exporters.keylight.openFirewall is true.

Attribute set of lines for the global faxq config file etc/config

Enables U2F PAM (pam-u2f) module

These options tell pgmanage where the TLS Certificate and Key files reside

File containing x509 private key matching tlsCertFile.

Routes that Stargazer should server

Clients' authorizations for a v3 onion service, as a list of files containing each one private key, in the format:

descriptor:x25519:<base32-private-key>

See torrc manual.

A file containing the secret used to encrypt secrets for OTP tokens

Path to server SSL certificate key.

Path to server SSL certificate key.

Path to server SSL certificate key.

File containing the JWT private key

A proposal is a set of algorithms

Path to server SSL certificate key.

Any additional entries you want added to the systemd-boot menu

Define the source of randomness to obtain a random key for encryption.

Path to file containing local secret key in binary or hexadecimal form.

Attribute set of lines for the global hfaxd config file etc/hfaxd.conf

An attribute set in which each key represents a container and each value an attribute set providing its configuration properties

The key must be pressed twice in XX ms to enable repetitions.

The configuration to give rss2email

Path to the signing key file for authenticated media.

Key file for client cert authentication to the server.

Key file for client cert authentication to the server.

Local secret key in hexadecimal form.

Whether to enable the OpenAFS server

Number of bytes processed before initiating CHILD_SA rekeying

Specify transfers as a set of the names of the transfer files as the key and the configuration as its value

monica configuration options to set in the .env file

Specify a filter for iptables to use when services.prometheus.exporters.keylight.openFirewall is true

(key=value) Configuration to be written to runtime.properties of the druid Druid Coordinator https://druid.apache.org/docs/latest/configuration/index.html

Enable or disable TLS

Path to server SSL certificate key.

Path to server SSL certificate key.

Path to server SSL certificate key.

Path to server SSL certificate key.

Path to server SSL certificate key.

Extra options to be added under production in config/gitlab.yml, as a nix attribute set

Enable the cloud-init service

Permissions granted for the services.syncoid.user user for local target datasets

Path to server SSL certificate key.

A file containing the secret used to encrypt variables in the DB

Path to a file containing the PeeringDB API key.

Path to server SSL certificate key.

Base64-encoded public key for the node, used as the node's ID.

Key file for client cert authentication to the server.

Key file for client cert authentication to the server.

Key file for client cert authentication to the server.

Key file for client cert authentication to the server.

Key file for client cert authentication to the server.

File must contain one line, example: {"R3300000":"Delta 2","R3400000":"Delta Pro",...} The key/value map of custom names for your devices

Public key at the opposite end of the tunnel.

Public key at the opposite end of the tunnel.

Path to server SSL certificate key

Number of packets processed before initiating CHILD_SA rekeying

Extra parameters to pass after the auth key

Path to the SSL key.

The SSL certificate's key to be used for kasmweb

Path to server SSL certificate key.

The key must be held XX ms to become a layer shift.

File containing environment variables to be passed to Readeck

Path to server SSL certificate key.

Attribute set of values for the given modem

Provide the path where n8n will create the .n8n folder

Environment variables for configuring the beszel-agent service

Path to server SSL certificate key.

Account key for the Azure Blob storage backend

Key file for client cert authentication to the server.

Path to server SSL certificate key.

Path to server SSL certificate key.

Path to server SSL certificate key.

Path to server SSL certificate key.

Path to server SSL certificate key.

Path to server SSL certificate key.

Path to server SSL certificate key.

Path to the secret openai api key used for embeddings.

Key bindings for triggerhappy.

Agorakit configuration options to set in the .env file

Access key to use. https://console.scaleway.com/project/credentials

BookStack configuration options to set in the .env file

Email address of key contact responsible for this site

Secret key to use when listing targets. https://console.scaleway.com/project/credentials It is mutually exclusive with secret_key_file.

Configuration from which XMonad gets compiled

Path to SSH key used to login to host.

Attribute set of default values for modem config files etc/config.*

Whether to enable sendRaw feature which adds the options -w to the zfs send command

A set with the key names being the environment variable you'd like to set and the values being a list of paths to text documents containing lists of words

Path to server SSL certificate key.

The path to the server SSL certificate key

Key file for client cert authentication to the server.

Key file for client cert authentication to the server.

Key file for client cert authentication to the server.

Path to server SSL certificate key.

Configuration options in RabbitMQ's new config file format, which is a simple key-value format that can not express nested data structures

Enable EXPERIMENTAL BitLocker support

Extra settings in the form of a set of key-value pairs

Configuration options to add to Workhorse's configuration file

File containing the gossip secret, a shared secret key to use for gossip encryption

Path to server SSL certificate key.

Path to server SSL certificate key.

Whether to configure Privoxy to inspect HTTPS requests, meaning all encrypted traffic will be filtered as well

The base64 public key to the peer.

Path to server SSL certificate key.

The network's pre-shared key in plaintext defaulting to being a network without any authentication.

Location of the key with which IRC passwords are encrypted for storage

Path to an environment file to be loaded

Definition for a private key that's stored on a token/smartcard/TPM.

Postquantum Preshared Key (PPK) section for a specific secret

Private key file as generated by wg genkey.

Key file for client cert authentication to the server.

List of raw public keys to accept for authentication

Enable cron service which periodically runs Invoiceplane tasks

32-byte key used to encrypt variables in the database

Zone identifier key

A file containing the secret key of your Spotify application

TURN REST API flag

Data hall identifier key

Permissions granted for the services.syncoid.user user for local target datasets

File containing environment variables to be passed to the mautrix-signal service

Kubernetes controller-manager private key file.

Key file for client cert authentication to the server.

Environment variables passed to the backup script

Value of decryption passphrase for RSA key.

Path to server SSL certificate key.

Sets the secret key with the credentials read from the configured file

Options for the auth plugin

Description of how to identify the filesystem to be duplicated by this instance of bees

Optional PIN required to access the key on the token

Value of decryption passphrase for ECDSA key.

Machine identifier key

Value of decryption passphrase for PKCS#8 key.

Accepts PostgreSQL URI form and key=value form arguments.

Path to the file containing the password for the intermediate certificate private key.

Key file for client cert authentication to the server.

File that contains the cadvisor storage driver password.

storageDriverPasswordFile takes precedence over storageDriverPassword

Warning: when storageDriverPassword is non-empty this defaults to a file in the world-readable Nix store that contains the value of storageDriverPassword

Number of retransmission sequences to perform during initial connect

If true on import encryption keys or passwords for all encrypted datasets are requested

Hex-encoded CKA_ID or handle of the private key on the token or TPM, respectively.

File containing environment variables to be passed to the mautrix-whatsapp service

The base64 public key of the peer.

Authentication key.

Path to server SSL certificate key.

Allows the generation of a private key and associated self-signed certificate

Public SSH keys that are given full write access to this repository

Path to your private key file used to encrypt OIDC JWTs.

Encrypt swap device with a random key

Private key file as generated by wg genkey.

Value of decryption passphrase for private key.

Key file for client cert authentication to the server.

Automatically generate a private key with wg genkey, at the privateKeyFile location.

API Key to authenticate with the Moonraker APIs

Discourse site settings

Additional systemd dependencies required to succeed before the Setup Key file becomes available.

Additional systemd dependencies required to succeed before the Setup Key file becomes available.

Whether to enable automatic generation and persistence of keys

Private key to authenticate with.

Length of the key to encrypt IRC passwords with

Data center identifier key

Path to your storage encryption key.

Encrypt swap device with a random key

String identifying the Postquantum Preshared Key (PPK) to be used.

Kubernetes controller manager PEM-encoded private RSA key file used to sign service account tokens

An ordered, comma-separated list of key-value pairs that describe the topography of the machine

Automatically generate a private key with wg genkey, at the privateKeyFile location.

This key must be set to enable the Active Record Encryption feature within Rails that Mastodon uses to encrypt and decrypt some database attributes

List of paths to the server private keys and certificates.

https://www.postfix.org/postconf.5.html#smtpd_tls_chain_files

PEM encoded X509 certificate for TLS

Extra config to be appended to the interface config

Directory for storing certificates to be used by Neo4j for TLS connections

This key must be set to enable the Active Record Encryption feature within Rails that Mastodon uses to encrypt and decrypt some database attributes

The AWS API keys

The AWS API keys

Whether a Postquantum Preshared Key (PPK) is required for this connection

Path to the service account private key (in JSON-format) used to forward log entries to Stackdriver Logging on non-GCP instances

Enables Aggressive Mode instead of Main Mode with Identity Protection

If this attribute is given, SAE-PK will be enabled for this connection

This key must be set to enable the Active Record Encryption feature within Rails that Mastodon uses to encrypt and decrypt some database attributes

Web Push Notifications configuration

Send certificate request payloads to offer trusted root CA certificates to the peer

Sets the password for WPA-PSK that will be converted to the pre-shared key

Use childless IKE_SA initiation (allow, prefer, force or never)

Sets the password(s) for WPA-PSK