Skip to content
Kānuka

Where Kānuka Stores Your Files

Kānuka creates different files depending on which features you’re using. Understanding where everything goes helps you work effectively with the tool.

Secrets Management Files

Section titled “Secrets Management Files”

Kānuka stores all your secrets-related files in a .kanuka folder at the root of your project. For example, if you had an Astro project, it may look like this:

  • astro.config.mjs
  • package.json
  • .env your secrets, which should be in .gitignore
  • .env.kanuka your secrets, encrypted by Kānuka
  • Directorysrc
    • Directorycomponents/
    • Directorypages/
  • Directory.kanuka
    • Directorypublic_keys
      • user_1.pub
      • user_2.pub
    • Directorysecrets
      • user_1.kanuka
      • user_2.kanuka

Grove Development Environment Files

Section titled “Grove Development Environment Files”

When you use Grove for development environments, Kānuka creates additional files:

  • astro.config.mjs
  • package.json
  • devenv.nix environment definition
  • devenv.yaml devenv configuration
  • kanuka.toml Grove configuration
  • Directory.devenv/ generated files (not committed)
    • Directoryprofile/
    • Directorystate/
  • Directory.kanuka secrets management (if using secrets)
    • Directorypublic_keys/
    • Directorysecrets/

Grove Files Explained

Section titled “Grove Files Explained”
  • devenv.nix: The main environment definition written in Nix language.
  • devenv.yaml: Configuration for devenv, including package sources.
  • kanuka.toml: Kānuka’s own configuration tracking what Grove has added.
  • .devenv/: Generated environment files (automatically excluded from git).

What Gets Committed

Section titled “What Gets Committed”

All files created by Kānuka are safe to commit to version control, except:

  • Private keys (stored in your user directory).
  • Generated environment files (.devenv/ directory).

A core concept to understand is that each user has their own version of a symmetric key, but everyone has the same symmetric key. To read more about how encryption and decryption works, check out the encryption concepts page.

User specific files

Section titled “User specific files”

Of course, to decrypt a file that has been encrypted by an RSA key pair, the user will need to have their matching private key. By default, the private keys are stored at XDG_DATA_HOME (which defaults to ~/.local/share/kanuka/ for UNIX-like systems, and %APPDATA%\kanuka\ on Windows).

They look like this:

  • Directorykanuka at ~/.local/share/kanuka or equivalent
    • Directorykeys
      • project_one this is a private key for project_one
      • project_one.pub the corresponding public key
      • project_two
      • project_two.pub

Kānuka will reach into your XDG_DATA_HOME and find the correct private key, and use that to decrypt your version of the symmetric key.

Continue reading to find out more about how Kānuka actually encrypts and decrypts files.