Here's a comment I left on it's benefits: https://news.ycombinator.com/item?id=10714102
What's the issue with keys/secrets you've had?
We ended up adding a hashicorp vault server to our deployment, but that felt like adding a lot of complexity for a very basic part of the deployment process.
A blessed solution for a common setup that doesn’t involve checking in secrets into the repository would be very useful. Better yet, some first-party support through nixos or nixops.
- how do you provision & manage systems/instances?
- relative to any other ways you've done this, how much effort goes into standing up the first server, any additional servers, and ongoing maintenance/management?