Systemd supports credential which will place the credential in non-swappable memory, with access restriction, and supports encryption with TPM2 chip. It would be nice if ACME can add some related configurations to allow users to use this functionality. Adding LoadCredentialEncrypted or SetCredentialEncrypted to systemd.services.<name>.serviceConfig should suffice.
LiGoldragon
commented
10 months ago
Issue description
Systemd supports credential which will place the credential in non-swappable memory, with access restriction, and supports encryption with TPM2 chip. It would be nice if ACME can add some related configurations to allow users to use this functionality. Adding
LoadCredentialEncryptedorSetCredentialEncryptedtosystemd.services.<name>.serviceConfigshould suffice.Notify Maintainers
@NixOS/acme