# `_utils.setupSecrets` `attrset -> {namespace ? "", secrets[list], config ? freeformAttrset} -> secretHelpers` This is a higher-level setup that wraps around `_utils.genSecrets` and provides some additional helper functions. Usage of this function should make more sense than just using `genSecrets`. ```admonish note `.generate` is not actually a function. The attrset is "already" "rendered" should it be actually resolved by not being ignored by lazy eval. This is essentially equivalent to `genSecrets`, but is now an inline module that can be put inside an input block instead of being a random attrset. ``` NOTE: does not support overriding config for only 1 path. might implement when demand arises. The definition of `secretHelpers` is defined as follows: ```nix secretHelpers = { generate = {}; # => {sops.secrets.* = } (inline module) get = path: ""; # => actual path of the secret, usually /run/secrets/the/secret placeholder = path: ""; # => placeholder string generated by sops-nix, for that secret path to be used in templates. getTemplate = file: ""; # => actual path of the template, realized at activation time, similar to the get function. mkTemplate = file: content: {}; # => {sops.templates.* = ...;} # ^ => filename of the template. can be any arbitrary string. } ``` ## Example ```nix { _utils, config, ... }: let secrets = _utils.setupSecrets config { namespace = "balls"; # for us, the namespace is just the top level element in our secrets yaml file. config = { owner = "jane"; }; secrets = [ "my/definitions/gock" "my/sizes/gock" ]; }; in { imports = [ secrets.generate (secrets.mkTemplate "my-secret.env" '' MY_GOCK_SIZE=${secrets.placeholder "my/sizes/gock"} '') ]; some.service.settings.gock.file = secrets.get "my/definitions/gock"; # resolves to the path of balls/my/definitions/gock. some.service.settings.envFile = secrets.getTemplate "my-secret.env"; } ```