From 68d4e2c04c6e591263a12876cfa17c4ea96742ef Mon Sep 17 00:00:00 2001
From: Mohammad Rafiq <mohammadrafiq567@gmail.com>
Date: Wed, 26 Mar 2025 23:00:28 +0800
Subject: [PATCH] docs: update README.md with sops info

---
 README.md | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 4941513..f79ee6f 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
->"This is fucking brilliant. Nobody needs this, nobody has a real use for this and this definitely does not attract girls. Still, I'll try this and probably love it. -Tim Goeree"
+> "This is fucking brilliant. Nobody needs this, nobody has a real use for this and this definitely does not attract girls. Still, I'll try this and probably love it. -Tim Goeree"
 
 # As Yet Unreproducible
 
@@ -6,7 +6,14 @@
 - [ ] Spotify login
 - [ ] Firefox login
 
+# Adding Secrets with sops-nix
+
+Secrets are stored in secrets/secrets.yaml. You can edit these secrets with `sops secrets/secrets.yaml` given you have an age private key stored at `~/.config/sops/age/keys.txt`.
+
+To decrypt these secrets with sops-nix during a rebuild, you must add your host public key to the `.sops.yaml` file. Generate it with `cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age`, add it to the file, then run `sops updatekeys secrets/secrets.yaml`.
+
 # Acknowledgements
+
 - https://www.youtube.com/watch?v=CwfKlX3rA6E for piquing my interest in this OS in the first place
 - https://nixos-and-flakes.thiscute.world/ for teaching me about nix, nixos, flakes, and home-manager in an extremely easy to follow and well-documented fashion
 - https://blog.notashelf.dev/posts/2025-02-24-ssh-signing-commits.html for teaching me how to trivially sign my commits