doc: add readFile anti-pattern

Ryan Mulligan 2022-04-02 15:10:25 -07:00
parent 764c975e74
commit f2ff19dc81

@ -304,6 +304,18 @@ authentication code (MAC) like other implementations like GPG or
[sops](https://github.com/Mic92/sops-nix) have, however this was left [sops](https://github.com/Mic92/sops-nix) have, however this was left
out for simplicity in `age`. out for simplicity in `age`.
### builtins.readFile anti-pattern
```nix
{
# Do not do this!
config.password = builtins.readFile config.age.secrets.secret1.path;
}
```
This can cause the cleartext to be placed into the world-readable Nix
store. Instead, have your services read the cleartext path at runtime.
## Acknowledgements ## Acknowledgements
This project is based off of [sops-nix](https://github.com/Mic92/sops-nix) created Mic92. Thank you to Mic92 for inspiration and advice. This project is based off of [sops-nix](https://github.com/Mic92/sops-nix) created Mic92. Thank you to Mic92 for inspiration and advice.
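
Review bot: The closing sentence of the new section ("Instead, have your services read the cleartext path at runtime") says what to do without showing it, while the anti-pattern gets a full snippet. Consider adding a matching "do this" snippet that hands `config.age.secrets.secret1.path` itself to an option that expects a file path, so readers see the path being passed rather than its contents. It would also help to say in one sentence why the first form leaks: `builtins.readFile` runs at evaluation time, so the secret becomes an ordinary string in the configuration, and anything generated from that string is written to the store. With that stated, "can cause" could be tightened to name the condition under which the cleartext ends up there.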