Tag
A blog post explaining how to combine SOPS with Age for encrypting secrets outside the cluster and Bitnami Sealed Secrets for in-cluster decryption, enabling a GitOps workflow for Kubernetes.
A thread sharing a structured install order for agentic projects: using direnv with a secrets manager for credential safety, litellm or portkey as a model proxy for cost and fallback management, uv+git commits on passing evals for reproducibility, and mitmproxy for full observability of LLM calls. Highlights common failure modes and security gaps.
A tutorial explaining secrets management options for NixOS, comparing tools like sops-nix, agenix, and ragenix, with practical examples of using sops-nix for encrypted secrets management.
A blog post proposing to offload API-key injection to an internal HTTP proxy so that apps and agents never see secrets, easing rotation and reducing exfiltration risk.