Systemd supports credential which will place the credential in non-swappable memory, with access restriction, and supports encryption with TPM2 chip. It would be nice if ACME can add some related configurations to allow users to use this functionality. Adding LoadCredentialEncrypted or SetCredentialEncrypted to systemd.services.<name>.serviceConfig should suffice.
Issue description
Systemd supports credential which will place the credential in non-swappable memory, with access restriction, and supports encryption with TPM2 chip. It would be nice if ACME can add some related configurations to allow users to use this functionality. Adding
LoadCredentialEncrypted
orSetCredentialEncrypted
tosystemd.services.<name>.serviceConfig
should suffice.Notify Maintainers
@NixOS/acme