git clone git@github.com:modiase/dotfiles.git ~/dotfiles \
&& cd ~/dotfiles \
&& bin/bootstrap \
&& source ~/.nix-profile/etc/profile.d/nix.sh \
&& bin/activatenix run .#build-system-image # Interactive selection
nix run .#build-system-image -- hekate # Build specific systemThe secrets CLI provides unified access to credentials across platforms (macOS Keychain, Linux pass, GCP Secret Manager).
secrets list # List local secrets
secrets list --network # List GCP secrets
secrets get <name> # Get secret (copies to clipboard)
secrets get <name> --read-through # Try local first, fall back to GCP
secrets get <name> --read-through --store-local # Cache GCP secret locally
secrets store <name> <value> # Store a secretThe --network flag uses Google Cloud Secret Manager, which requires Application Default Credentials (ADC).
macOS / Interactive:
gcloud auth application-default loginHeadless servers:
gcloud auth application-default login --no-browserThis outputs a URL to visit on another machine. Complete authentication there and paste the code back.
Verify ADC is configured:
gcloud auth application-default print-access-token