https://simonshine.dk/tags/secrets/Recent content in Secrets on Simon ShineHugoen-usFri, 15 May 2026 02:37:41 +0200https://simonshine.dk/articles/managing-secrets-privately-with-sops-nix/Fri, 15 May 2026 02:37:41 +0200https://simonshine.dk/articles/managing-secrets-privately-with-sops-nix/<h2 id="motivation"> Motivation <a class="heading-anchor" href="#motivation" aria-label="Link to this section">¶</a> </h2> <p>I run a small Kubernetes cluster managed declaratively with <a href="https://www.talos.dev/">Talos Linux</a> and <a href="https://github.com/hall/kubenix">kubenix</a>. The repository that defines the cluster &ndash; every Helm deployment, Talos node configuration and ArgoCD application &ndash; is something I&rsquo;d like to publish: it&rsquo;s how I document my own setup to help myself remember what&rsquo;s true. Other people might find the patterns useful.</p> <p>The cluster also has secrets: a kubeconfig, a Hetzner Cloud API token, a talosconfig with a CA bundle inside it. Those obviously can&rsquo;t go in the public repo. But without them, the infrastructure as code is incomplete.</p>