neocturne / fastd

Fast and Secure Tunnelling Daemon

Enhancement: config: allow setting a file-path rather than the raw secret #37

Open herbetom opened 8 months ago

herbetom commented 8 months ago

It would be nice if, rather than setting the secret directly within the config, it would be possible to set a path to where the secret is located.

Something like a secret file "/run/keys/fastd-secret" config option.

This way accidentally leaking secrets would be quite a bit harder (it has already happened in the past while sharing our rendered config).

A workaround is to create a file with just the secret and include it:

secret "...";

This however requires putting that "secret" wrapper around the actual key. And with it not being a straightforward option in the docs, it is most likely less likely to be implemented that way.

neocturne commented 7 months ago

Using the include with just a secret is the recommended way to structure your configs, but you're right that it could be made clearer in the docs.

herbetom commented 7 months ago

The main reason to have this as a dedicated feature is in my eyes that it then wouldn't require some sort of wrapper or treating secret "..."; as your secret in your secret management solution which may only allow tracking whole files.

But recommending an include in the docs also achieves the goal of helping people not leak their secrets. :+1:
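
One way to combine the two positions in this thread, as an added example that is not part of the original discussion or of the fastd project: a shell function that takes a raw key file, as a secret manager would deliver it, and renders the `secret "...";` include file with restrictive permissions. The file paths are placeholders, and the check for a key of exactly 64 hex digits is an assumption about the key format.

```shell
#!/bin/sh
# Added example (not fastd code): wrap a raw key file into a fastd include file.
# Assumptions: the raw file holds only a 64-hex-digit secret; paths are placeholders.

# wrap_fastd_secret RAW_KEY_FILE INCLUDE_FILE
# Writes `secret "<key>";` to INCLUDE_FILE with mode 0600.
# Returns non-zero on unreadable or malformed input and never prints the key.
wrap_fastd_secret() {
    raw=$1
    out=$2

    [ -r "$raw" ] || { echo "cannot read $raw" >&2; return 1; }

    # Strip whitespace and newlines that secret stores often append.
    key=$(tr -d '[:space:]' < "$raw")

    # Reject anything that is not purely hex digits, so a malformed or
    # already-wrapped file can never end up inside the quotes.
    case $key in
        *[!0-9a-fA-F]*|'') echo "invalid key format in $raw" >&2; return 1 ;;
    esac
    [ "${#key}" -eq 64 ] || { echo "invalid key length in $raw" >&2; return 1; }

    # Create the temp file next to the target under a restrictive umask, then
    # rename it, so no half-written or world-readable file is ever visible.
    tmp=$(umask 077 && mktemp "$out.XXXXXX") || return 1
    if printf 'secret "%s";\n' "$key" > "$tmp" && mv -f "$tmp" "$out"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Usage (placeholder paths); the shareable main config then only contains
#   include "/etc/fastd/vpn/secret.conf";
# wrap_fastd_secret /run/keys/fastd-secret /etc/fastd/vpn/secret.conf
```

Run before fastd starts, this keeps the raw key as the only tracked secret while the main config stays free of key material.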