mynix/agenix
1
0
Fork 0
mirror of https://github.com/ryantm/agenix.git synced 2024-11-22 09:40:47 +03:00
Code Issues Projects Releases Packages Wiki Activity

doc: add readFile anti-pattern

Browse source
This commit is contained in:
Ryan Mulligan 2022-04-02 15:10:25 -07:00
parent 764c975e74
commit f2ff19dc81
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
README.md
View file

@ -304,6 +304,18 @@ authentication code (MAC) like other implementations like GPG or
[sops](https://github.com/Mic92/sops-nix) have, however this was left [sops](https://github.com/Mic92/sops-nix) have, however this was left
out for simplicity in `age`. out for simplicity in `age`.
### builtins.readFile anti-pattern
```nix
{
# Do not do this!
config.password = builtins.readFile config.age.secrets.secret1.path;
}
```
This can cause the cleartext to be placed into the world-readable Nix
store. Instead, have your services read the cleartext path at runtime.
## Acknowledgements ## Acknowledgements
This project is based off of [sops-nix](https://github.com/Mic92/sops-nix) created Mic92. Thank you to Mic92 for inspiration and advice. This project is based off of [sops-nix](https://github.com/Mic92/sops-nix) created Mic92. Thank you to Mic92 for inspiration and advice.