Re: Deferring evaluation of a get-secret procedure so -L doesn't evaluat

help-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Deferring evaluation of a get-secret procedure so -L doesn't evaluat

From:	Tomas Volf
Subject:	Re: Deferring evaluation of a get-secret procedure so -L doesn't evaluate it unless needed for build
Date:	Fri, 5 Jan 2024 13:17:32 +0100

Hi,

I cannot help you with your question, but completely unsolicited feedback
regarding this snippet:

On 2024-01-04 12:28:28 -0500, Richard Sent wrote:
> --8<---------------cut here---------------start------------->8---
> (define wireguard-lan-secret-service
>   (service
>    (wireguard-configuration
>     ...
>     (private-key
>      (plain-file "private.key"
>                  (get-secret*
>                   "System/WireGuard/LAN/private.key"))))))
> --8<---------------cut here---------------end--------------->8---

Storing secret keys in the store might not be the best idea, since they will be
world readable.

Have a nice day,
Tomas Volf

--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Deferring evaluation of a get-secret procedure so -L doesn't evaluate it unless needed for build, Richard Sent, 2024/01/04
- Re: Deferring evaluation of a get-secret procedure so -L doesn't evaluate it unless needed for build, Tomas Volf <=

Prev by Date: Guix-packaged Emacs 29+ alpha-background parameter does not work
Next by Date: home-syncthing-service-type wants /root paths, yet syncthing can work
Previous by thread: Deferring evaluation of a get-secret procedure so -L doesn't evaluate it unless needed for build
Next by thread: Guix-packaged Emacs 29+ alpha-background parameter does not work
Index(es):
- Date
- Thread