artifacts.config.agenix.flakeStoreDir

Path to the directory where encrypted .age files are stored, relative to your flake. This path is used by agenix to find and decrypt secrets at runtime.

Either a path inside the flake (e.g. ./secrets) or a separate flake input dedicated to secrets (e.g. inputs.my-secrets).

Type: absolute path

Example:

./secrets

artifacts.config.agenix.identityPaths

Paths to private keys (SSH or age) used to decrypt secrets at runtime. These are passed to agenix for decryption.

Type: list of string

Example:

[
  "~/.ssh/id_ed25519"
]

artifacts.config.agenix.publicUserKeys

Public keys used to encrypt secrets for this user configuration. Can be SSH public keys or age public keys (including YubiKey age keys).

Type: list of string

Default:

[ ]

artifacts.config.agenix.storeDir

Directory where the TUI writes encrypted .age files during serialization. This is the working directory used when running artifacts serialize.

Type: string

Default:

"secrets"

Example:

"$HOME/nixos-secrets"

artifacts.config.agenix.username

User identifier used in the directory structure for encrypted secrets. Secrets are stored under per-user/<username>/.

Type: string

Default:

"config.home.username"