Consider switching to LoadCredentials to inject secrets #59

Open
Mic92 opened this issue Jun 1, 2022 · 2 comments

Comments

@Mic92

Mic92 commented Jun 1, 2022

systemd allows specifying Unix sockets for LoadCredentials, which would allow starting only a single vault agent + wrapper binary to serve all NixOS services with secrets: systemd/systemd#16568
systemd also takes care of the chowning. It would then no longer be necessary to use this complex sidecar service logic.
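
An added sketch of the socket side of `LoadCredential=` described in the comment above; it is not code from this project or from systemd-vaultd. It relies on the behaviour documented in systemd.exec(5): systemd connects to the AF_UNIX stream socket from an abstract address of the form `@$RANDOM/unit/$UNIT/$ID` and reads the credential until EOF. The function names, the socket path and the sample unit and secret are assumptions made for illustration.

```python
import os
import socket

def parse_peer(peer):
    """Return (unit, credential_id) from the connecting socket's address.

    Expected form per systemd.exec(5): "@$RANDOM/unit/$UNIT/$ID", where "@"
    stands for the leading NUL byte of an abstract-namespace name.
    """
    if isinstance(peer, str):
        peer = peer.encode()
    if not peer.startswith(b"\0"):
        raise ValueError("peer is not bound to an abstract socket name")
    parts = peer[1:].decode("utf-8", "strict").split("/")
    if len(parts) != 4 or parts[1] != "unit" or not all(parts):
        raise ValueError("unexpected peer name layout")
    _random, _tag, unit, cred_id = parts
    return unit, cred_id

def handle(conn, peer, secrets):
    """Send the secret for (unit, id), then close. Unknown callers get EOF."""
    try:
        value = secrets.get(parse_peer(peer))
        if value is None:
            return False
        conn.sendall(value)
        return True
    except ValueError:  # malformed or non-abstract peer name
        return False
    finally:
        conn.close()    # EOF marks the end of the credential data

def serve(path, secrets):
    """Accept loop for the socket path named in LoadCredential=ID:PATH."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
        old = os.umask(0o177)  # create the socket file as 0600
        try:
            srv.bind(path)
        finally:
            os.umask(old)
        srv.listen()
        while True:
            conn, peer = srv.accept()
            handle(conn, peer, secrets)

# Constructed sample data (not from the issue): one unit, one credential.
SAMPLE_SECRETS = {("myapp.service", "db-password"): b"constructed-secret\n"}

if __name__ == "__main__":
    serve("/run/example-creds.sock", SAMPLE_SECRETS)  # hypothetical path
```

The peer name is chosen by whichever process connects, so it identifies the requesting unit only if nothing but systemd can reach the socket; that is why the sketch creates the socket file with mode 0600.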

@giodamelio

numtide has done just that: https://github.com/numtide/systemd-vaultd

There are even some nix modules in there, though they are not documented, so not sure how stable they will be.

@Mic92
Author

Mic92 commented Jul 26, 2023

We have had them in use for a while to overcome reliability issues of nixos-vault-service. We do not have plans to change them in a non-backwards-compatible way.
