Marc Weber <marco-owe...@gmx.de> writes:

> Right now you should not put passwords into the store, because it's world
> readable by default. The common workaround is to store files at /root
> and put the path into the /store instead, right?
>
> What about creating a new primop which allows to write arbitrary files?
>
> Then you could do this:
>
> services.foo = {
>   passwordFile = builtins.__writeArbitraryFile "/root/password-for-xy"
>     "top-secret-password"; # should return the path
> }
>
> This way it could be ensured that the files have the correct format -
> and no passwords would be written to the store, right?
>
> Does this make any sense?
It sounds useful indeed. However, I don't like the idea of storing passwords and secrets anywhere. Indeed the store itself is readable by all, so /root or some other dir with 700 root:root is way better, but all in all, I would rather use encryption or some keyring thing.

Right now, I need to distribute and sync my "secure files" to multiple machines. If I could just store the mysql password in the store, gpg encrypted, that would make things a lot easier. As files can be encrypted for multiple receivers, I can manage permissions through that mechanism and just store everything in 1 place (channel). Then, during activation of a new configuration, when some password is needed (like when creating a mysql database), "gpg -d" would give a passphrase prompt to the person who has chosen this config. To avoid interactivity, a passphrase-less key can be used (granted, then we're back to the current security-level where gaining root/physical access gives you all plain passwords), or gpg-agent.

Mathijs

> It would be useful for creating mysql databases and the like.
>
> Marc Weber
> _______________________________________________
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
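The activation-time "gpg -d" idea from the reply above, as an added example that is not code from the thread or from Nix: a POSIX sh fragment that decrypts a secret kept encrypted in the world-readable store into a root-only file, and refuses to leave anything group- or world-readable behind. It assumes gpg is on PATH and that root's keyring holds the recipient key (passphrase-less, or served by gpg-agent, as discussed); the `decrypt_secret` and `secret_mode_ok` names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread: decrypt a gpg-encrypted secret that
# lives in the world-readable Nix store into a root-only file at activation
# time. Assumes gpg is on PATH and root's keyring holds the recipient key
# (passphrase-less or served by gpg-agent).

# Return 0 only if $1 is a regular file with no group/other permission bits,
# i.e. mode 0600 or stricter. Uses ls(1) so it works without GNU stat.
secret_mode_ok() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    case "$perms" in
        -???------) return 0 ;;   # "-rw-------", "-r--------", ...
        *)          return 1 ;;
    esac
}

# Decrypt $1 (the .gpg file, e.g. a /nix/store path) into $2 (e.g. a file
# under /root). The body runs in a subshell so the restrictive umask does
# not leak into the rest of the activation script. The plaintext is written
# to a 0600 temp file and only then renamed into place, so no intermediate
# state is ever group/world readable.
decrypt_secret() (
    src=$1; dst=$2
    umask 077
    tmp="$dst.tmp.$$"
    if ! gpg --batch --quiet --decrypt "$src" > "$tmp"; then
        rm -f "$tmp"
        exit 1
    fi
    chmod 600 "$tmp"
    if ! secret_mode_ok "$tmp"; then
        rm -f "$tmp"
        exit 1
    fi
    mv -f "$tmp" "$dst"
)

# Usage during activation, for example:
#   decrypt_secret /nix/store/...-mysql-password.gpg /root/mysql-password
```

Because the plaintext never touches the store, a new generation only re-runs the decryption; the encrypted blob itself can be rebuilt for a different set of gpg recipients when machine access changes.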