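# Builds a derivation whose output holds `encryption-config.yaml`, a Kubernetes
# secrets-at-rest encryption config carrying a freshly generated 32-byte key.
#
# stdenv phase order, for reference:
#   unpackPhase, patchPhase, configurePhase, buildPhase, checkPhase,
#   installPhase, fixupPhase, installCheckPhase, distPhase
#
# SECURITY NOTE(review):
#   * The key is produced inside a derivation, so it is written to the Nix
#     store, and the generated YAML (also a store path) embeds it in clear
#     text. Store paths are readable by every local user and can be copied to
#     binary caches or remote builders; treat this output as non-secret unless
#     the host and cache setup guarantee otherwise. Supplying the key at
#     activation or run time from a secrets manager keeps it out of the store.
#   * The key comes from /dev/urandom, so the build is not reproducible. Any
#     change to this derivation's inputs (this script, stdenv, ...) yields a
#     different key on the next build, and data encrypted under the previous
#     key can no longer be read unless that key is kept as an extra entry.
{ lib, pkgs, stdenv, runCommand, writeText, ... }:
let
  # Serialise `contents` to YAML and return the resulting store path.
  to_yaml_file = file_name: contents:
    let
      settingsFormat = pkgs.formats.yaml { };
    in
    settingsFormat.generate file_name contents;

  # Same as `to_yaml_file`, but return the YAML text itself.
  # Reads a build output at evaluation time (import-from-derivation).
  # Not referenced elsewhere in this file.
  to_yaml = file_name: contents:
    builtins.readFile (to_yaml_file file_name contents);

  # 32 random bytes, base64-encoded, written straight to $out.
  # The output is redirected instead of piped through `tee` so the key is not
  # also echoed into the build log.
  kube_encryption_key = runCommand "kube_encryption_key" { } ''
    head -c 32 /dev/urandom | base64 > "$out"
  '';

  # NOTE(review): current Kubernetes documentation spells this resource as
  # apiVersion `apiserver.config.k8s.io/v1`, kind `EncryptionConfiguration`;
  # confirm the targeted kube-apiserver still accepts the form used here.
  # NOTE(review): the same documentation advises against `aescbc` in favour of
  # `secretbox`, `aesgcm` with rotation, or a KMS provider; worth evaluating.
  kube_encryption_config = {
    kind = "EncryptionConfig";
    apiVersion = "v1";
    resources = [
      {
        resources = [ "secrets" ];
        providers = [
          {
            aescbc = {
              keys = [
                {
                  name = "key1";
                  # `base64` terminates its output with a newline; drop it so
                  # the YAML value is exactly the encoded key.
                  secret = lib.removeSuffix "\n" (builtins.readFile "${kube_encryption_key}");
                }
              ];
            };
          }
          # Listed after aescbc; presumably kept so data written before
          # encryption was enabled stays readable (verify against the
          # provider-order semantics of the targeted Kubernetes version).
          { identity = { }; }
        ];
      }
    ];
  };

  kube_encryption_config_yaml =
    to_yaml_file "encryption-config.yaml" kube_encryption_config;
in
stdenv.mkDerivation (finalAttrs: {
  name = "k8s-encryption-key";

  nativeBuildInputs = [ ];
  buildInputs = [ ];

  # There is no source to unpack; the only input is the generated YAML.
  unpackPhase = "true";

  installPhase = ''
    mkdir "$out"
    cp "${kube_encryption_config_yaml}" "$out/encryption-config.yaml"
  '';
})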