Re: Secrets in (generated) configs. How to deal with them?

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secrets in (generated) configs. How to deal with them?

From:	Ludovic Courtès
Subject:	Re: Secrets in (generated) configs. How to deal with them?
Date:	Tue, 09 Jun 2020 18:24:38 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

Hi,

raingloom <raingloom@riseup.net> skribis:

> I'm trying to package Yggdrasil as a Guix service and I took a look at
> what NixOS does and they actually don't simply generate the config in
> the store, instead it's combined with another input of the service and
> the combined JSON is fed to Yggdrasil on stdin.
>
> Is this how I should do it as well? Or maybe the Guix store can make
> some outputs private?

This is one of the things we discussed at the Guix Days:

  
https://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/doc/guix-days-2020/guix-secrets.org

One of the ideas we came up with that could fly is to have a
‘secret-service-type’ (ah ha!), which you could extend with key/value
pairs.  At run time, secrets could be fetched from the local file
system or by querying a daemon.

Food for thought!

Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

Secrets in (generated) configs. How to deal with them?, raingloom, 2020/06/08
- Re: Secrets in (generated) configs. How to deal with them?, Julien Lepiller, 2020/06/08
- Re: Secrets in (generated) configs. How to deal with them?, Ludovic Courtès <=

Prev by Date: Re: Advice on package naming
Next by Date: Re: Canonical-packages restoration.
Previous by thread: Re: Secrets in (generated) configs. How to deal with them?
Next by thread: Canonical-packages restoration.
Index(es):
- Date
- Thread