From: "Ludovic Courtès" <ludo@gnu.org>
To: raingloom <raingloom@riseup.net>
Cc: guix-devel@gnu.org
Subject: Re: Secrets in (generated) configs. How to deal with them?
Date: Tue, 09 Jun 2020 18:24:38 +0200
Message-ID: <87bllsgqbd.fsf@gnu.org>
In-Reply-To: <20200609004302.3757a950@riseup.net> (raingloom@riseup.net's message of "Tue, 9 Jun 2020 00:43:02 +0200")
Hi,

raingloom <raingloom@riseup.net> wrote:

> I'm trying to package Yggdrasil as a Guix service and I took a look at
> what NixOS does and they actually don't simply generate the config in
> the store, instead it's combined with another input of the service and
> the combined JSON is fed to Yggdrasil on stdin.
>
> Is this how I should do it as well? Or maybe the Guix store can make
> some outputs private?

This is one of the things we discussed at the Guix Days:

  https://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/doc/guix-days-2020/guix-secrets.org

One of the ideas we came up with that could fly is to have a
‘secret-service-type’ (ah ha!), which you could extend with key/value
pairs.  At run time, secrets could be fetched from the local file
system or by querying a daemon.

Food for thought!

Ludo’.
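
Added example, not part of the original message and not Guix or NixOS code: a Python illustration of the run-time merge described in the quoted question, where the non-secret config can sit in the world-readable store and the secret part is read from a private file just before the combined JSON is handed to the daemon on stdin. The function names, the permission policy and the sample keys and values are assumptions made for the illustration.

```python
import json
import os
import stat
import tempfile

STORE_PREFIX = "/gnu/store/"  # the Guix store is world-readable by design

def load_secrets(path):
    """Read a JSON secrets file, refusing locations or modes that expose it."""
    real = os.path.realpath(path)
    if real.startswith(STORE_PREFIX):
        raise PermissionError(f"{path}: secrets must not live in the store")
    mode = os.stat(real).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path}: mode {stat.S_IMODE(mode):o} is too open")
    with open(real, encoding="utf-8") as f:
        return json.load(f)

def deep_merge(base, overlay):
    """Return base with overlay applied; nested objects merge, others replace."""
    merged = dict(base)
    for key, value in overlay.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = deep_merge(merged[key], value)
        else:
            merged[key] = value
    return merged

def render_config(public_config, secrets_path):
    """Build the JSON text that the service wrapper writes to the daemon's stdin."""
    return json.dumps(deep_merge(public_config, load_secrets(secrets_path)))

def demo():
    """Run the merge on constructed sample data; all values are placeholders."""
    public = {"Peers": ["tcp://peer.example:9001"], "NodeInfo": {"name": "demo"}}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "secrets.json")
        with open(path, "w", encoding="utf-8") as f:
            json.dump({"PrivateKey": "PLACEHOLDER", "NodeInfo": {"contact": "x"}}, f)
        os.chmod(path, 0o644)  # readable by others: must be rejected
        rejected = False
        try:
            render_config(public, path)
        except PermissionError:
            rejected = True
        os.chmod(path, 0o600)  # owner-only: accepted
        return rejected, json.loads(render_config(public, path))
```

The merged text exists only in the wrapper's memory and the pipe to the daemon, so nothing secret is written into the store.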