Open herbetom opened 10 months ago
Using the include with just a secret is the recommended way to structure your configs, but you're right that it could be made clearer in the docs.
The main reason to have this as a dedicated feature is in my eyes that it then wouldn't require some sort of wrapper or treating `secret "...";` as your secret in your secret management solution, which may only allow tracking whole files.
But recommending an include in the docs also achieves the goal of helping people not leak their secrets. :+1:
It would be nice if, rather than setting the secret directly within the config, it would be possible to set a path to where the secret is located.
Something like a `secret file "/run/keys/fastd-secret"` config option. This way accidentally leaking secrets would be quite a bit harder (it has already happened in the past while sharing our rendered config).
A workaround is to create a file with just the secret and include it:
This however requires putting that "secret" wrapper around the actual key. And with it not being a straightforward option in the docs, it is most likely less likely to be implemented that way.
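
The include workaround discussed in this thread, as an added example that is not part of the original posts or of fastd itself: it moves an inline `secret "...";` statement into its own 0600 file, leaves an `include` in its place, and provides a check that can gate sharing a rendered config. The function names, file paths and sample config values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names, paths and sample values are assumptions.
PATTERN='^[[:space:]]*secret[[:space:]]+"[^"]*";'

# has_inline_secret CONFIG: succeeds if CONFIG still carries a literal secret,
# so it can gate sharing or committing a rendered config.
has_inline_secret() {
    grep -Eq "$PATTERN" "$1"
}

# split_secret CONFIG SECRET_FILE: move the first inline secret statement into
# SECRET_FILE (mode 0600) and leave an include statement in its place.
split_secret() {
    conf=$1
    secret_file=$2
    line=$(grep -E "$PATTERN" "$conf" | head -n 1)
    [ -n "$line" ] || return 1                 # no inline secret found
    ( umask 077 && printf '%s\n' "$line" > "$secret_file" \
        && chmod 600 "$secret_file" ) || return 2
    tmp=$(mktemp "$conf.XXXXXX") || return 2   # mktemp creates the file 0600
    INC="include \"$secret_file\";" awk '
        !seen && /^[ \t]*secret[ \t]+"[^"]*";/ { print ENVIRON["INC"]; seen = 1; next }
        { print }' "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# demo: run both functions on a constructed config (the key is a placeholder).
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'bind any:10000;' 'secret "00ff00ff";' 'mtu 1406;' > "$dir/fastd.conf"
    split_secret "$dir/fastd.conf" "$dir/secret.conf" || return 1
    cat "$dir/fastd.conf"
    rm -rf "$dir"
}
```

Running `has_inline_secret` on a rendered config before pasting it anywhere catches the leak described above; the rewritten config ends up mode 0600 as well, because it replaces the original with the `mktemp` file.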