Best way to handle secrets

Any best practices to handle “secrets” with flox?

Currently I’m using also direnv to store then as env vars.

Wondering if there is other options using just flox.

I guess I can configure the environment to source that file on load.


I’ve used the hook.script (and soon to be profile.common in the upcoming 1.0.2 release) to fetch them from a secret manager and hydrate the environment variables. Your method of setting from source files works too. I think part of the best practice depends on where you’re getting the secrets from…

Ok, thanks!

I use gopass, so it should be easy to integrate.