From 1fc2dd072b9bf5f82e5d98979da337bd24f3b74e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Thu, 3 Apr 2025 14:02:05 +0200
Subject: [PATCH] docs/secrets: mention defaultGroups option

---
 docs/site/manual/secrets.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docs/site/manual/secrets.md b/docs/site/manual/secrets.md
index b42559400..147151237 100644
--- a/docs/site/manual/secrets.md
+++ b/docs/site/manual/secrets.md
@@ -87,6 +87,14 @@ Here's how to get started:
    clan secrets groups add-secret <group_name> <secret_name>
    ```
 
+**TIP** To encrypt all secrets of a machine for a specific group, use the following NixOS configuration:
+
+```
+{
+  clan.core.sops.defaultGroups = [ "groupname" ]
+}
+```
+
 ### Adding Machine Keys
 
 New machines in Clan come with age keys stored in `./sops/machines/<machine_name>`. To list these machines: