[Nix-dev] store & passwords - once again
Eelco Dolstra
eelco.dolstra at logicblox.com
Thu Jul 26 15:30:20 CEST 2012
Hi,

On 26/07/12 01:35, Marc Weber wrote:
> Right now you should not put passwords into the store, because it's world
> readable by default. The common workaround is to store files at /root
> and put the path into the /store instead, right?
>
> What about creating a new primop which allows writing arbitrary files?

Here is another possible solution:

https://github.com/NixOS/nix/issues/8

> Then you could do this:
>
> services.foo = {
>   passwordFile = builtins.__writeArbitraryFile "/root/password-for-xy" "top-secret-password"; # should return the path
> };

This is impure. And that really matters. For instance, if (say) Charon copies
the resulting closure to another machine, /root/password-for-xy will be missing.
--
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
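
The workaround mentioned in the quoted text, sketched as an added example (not code from either poster or from NixOS): the secret stays in a root-only file outside the store and only its location, as a string, ends up in the store. The `foo.conf` format, the `password`/`password_file` keys and the sample password are constructed for illustration; `/root/password-for-xy` is the path used in the thread.

```nix
# Added illustration. Evaluate with: nix-instantiate --eval --strict example.nix
let
  # Weak: the secret is part of the Nix expression, so the generated file
  # lands in the world-readable store under /nix/store/<hash>-foo.conf
  # and any local user can read it.
  weakConfig = builtins.toFile "foo.conf" ''
    password = top-secret-password
  '';

  # Better: keep only the *location* of the secret, written as a string.
  # The store then contains the text "/root/password-for-xy", not the
  # password itself. The service reads the file at run time, and the file
  # is created out of band with root-only permissions (for example mode 0600).
  passwordFile = "/root/password-for-xy";

  safeConfig = builtins.toFile "foo.conf" ''
    password_file = ${passwordFile}
  '';

  # Caveat 1: write the location with quotes. An unquoted path literal
  # (/root/password-for-xy) that is interpolated into a string is copied
  # into the store, which puts the secret back where everyone can read it.
  #
  # Caveat 2: the file is not part of the closure. When the closure is
  # copied to another machine, the secret has to be provisioned there
  # separately or the service will not find it.
in {
  inherit weakConfig safeConfig passwordFile;
}
```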