Re: Secrets in (generated) configs. How to deal with them?
From: Ludovic Courtès
Subject: Re: Secrets in (generated) configs. How to deal with them?
Date: Tue, 09 Jun 2020 18:24:38 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

Hi,

raingloom <raingloom@riseup.net> wrote:

> I'm trying to package Yggdrasil as a Guix service and I took a look at
> what NixOS does and they actually don't simply generate the config in
> the store, instead it's combined with another input of the service and
> the combined JSON is fed to Yggdrasil on stdin.
>
> Is this how I should do it as well? Or maybe the Guix store can make
> some outputs private?

This is one of the things we discussed at the Guix Days:

https://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/doc/guix-days-2020/guix-secrets.org

One of the ideas we came up with that could fly is to have a
‘secret-service-type’ (ah ha!), which you could extend with key/value
pairs. At run time, secrets could be fetched from the local file
system or by querying a daemon.

Food for thought!

Ludo’.
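
The approach quoted above (non-secret configuration generated into the world-readable store, combined at run time with a secret kept outside it, and the result written to the daemon's stdin) can be sketched as follows. This is an added example, not part of the original message and not NixOS or Guix code; the key names, file names and the `SECRET_KEYS` set are assumptions made for the illustration.

```python
import json, os, stat, sys, tempfile

SECRET_KEYS = {"PrivateKey"}  # assumed name of the secret field (constructed for this example)

class SecretFileError(Exception):
    """Secrets file is unsafe, or a secret leaked into the store config."""

def load_secrets(path):
    # Open first, then fstat the descriptor, so the permission check and
    # the read apply to the same file (no check-then-open race).
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, encoding="utf-8") as f:
        st = os.fstat(f.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise SecretFileError(f"{path}: not a regular file")
        if st.st_mode & 0o077:
            raise SecretFileError(f"{path}: accessible to group/other")
        return json.load(f)

def merge_config(store_config_path, secrets_path, secret_keys=SECRET_KEYS):
    with open(store_config_path, encoding="utf-8") as f:
        config = json.load(f)
    # The store is world-readable: a secret key found there is already leaked.
    leaked = sorted(set(config) & set(secret_keys))
    if leaked:
        raise SecretFileError(f"secret keys in store config: {leaked}")
    secrets = load_secrets(secrets_path)
    unexpected = sorted(set(secrets) - set(secret_keys))
    if unexpected:
        raise SecretFileError(f"unexpected keys in secrets file: {unexpected}")
    return {**config, **secrets}

def demo():
    # Constructed sample files standing in for the store config and the secret.
    d = tempfile.mkdtemp()
    store, secret = os.path.join(d, "config.json"), os.path.join(d, "secret.json")
    with open(store, "w") as f:
        json.dump({"Peers": ["tls://peer.example:443"]}, f)
    with open(secret, "w") as f:
        json.dump({"PrivateKey": "constructed-not-a-real-key"}, f)
    os.chmod(secret, 0o600)
    return merge_config(store, secret)

if __name__ == "__main__":
    # With two arguments: merge real files; stdout is piped to the daemon's stdin.
    merged = merge_config(sys.argv[1], sys.argv[2]) if len(sys.argv) == 3 else demo()
    json.dump(merged, sys.stdout)
```

The merged document exists only in the pipe between this script and the daemon, so the secret is never written to the store or to a generated file on disk.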