all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* Another service definition question: Files containing secrets?
@ 2024-07-28 21:27 Zack Weinberg
  2024-07-29 15:38 ` Hartmut Goebel
  2024-07-29 23:33 ` Giacomo via
  0 siblings, 2 replies; 4+ messages in thread
From: Zack Weinberg @ 2024-07-28 21:27 UTC (permalink / raw)
  To: help-guix

The same slightly weird daemon I was talking about earlier expects to
find another file in /etc containing a piece of secret information - namely,
a token it will use to authenticate to a remote server.  This token does
not change in normal operation, and the most natural way to deal with it
would be to provide it as part of the service configuration.  (It cannot
be generated at activation time, the way SSH host keys are.)

The *problem* with this is that it appears there's no way to make a file
in the store not be world readable.

What's the best way to deal with this situation?

zw


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2024-08-03  9:10 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-07-28 21:27 Another service definition question: Files containing secrets? Zack Weinberg
2024-07-29 15:38 ` Hartmut Goebel
2024-08-03  9:09   ` Marek Paśnikowski
2024-07-29 23:33 ` Giacomo via

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.