Hi,
Am 24.08.23 um 21:55 schrieb Martin Baulig:
1. My "guix secrets" tool provides a command-line interface to
maintain a "secrets database" (/etc/guix/secrets.db) that's only
accessible to root. It can contain simple passwords, arbitrary
text (like for instance X509 certificates in PEM format) and
binary data.
2. …
3. Finally, "secrets-service-type" depends on all of the above to do
its work.
It takes a /template file/ - which is typically interned in the
store - containing special "tokens" that tell it which keys to
look up from the /secrets database/.
This sounds great and like being a major step towards "guixops" [1], [2].
[1]
https://lists.gnu.org/archive/html/guix-devel/2019-07/msg00435.html[2]
https://lists.gnu.org/archive/html/guix-devel/2017-09/msg00196.html
--
Regards
Hartmut Goebel
| Hartmut Goebel |h.goe...@crazy-compilers.com |
|www.crazy-compilers.com | compilers which you thought are impossible |
