[systemd-devel] How to get Credential into Environment variable?
chandler
scar at riseup.net
Tue Sep 26 11:39:56 UTC 2023
Hi all,
I'm not quite grasping something here... I've just learned about
`systemd-creds` and now trying to utilize it with a service which
depends on a secret stored in an environment variable (or passed as a
CLI option).
Normally I could use a line like:
`Environment=SEC=1234`
Now I've:
1) Given "1234" to `systemd-ask-password -n | systemd-creds encrypt
--name=secret --pretty - -`
2) Put the resulting `SetCredentialEncrypted=secret: ...` under the
[Service] section
3) Failing with `Environment=SEC=%d/secret`
Now `SEC=/run/credentials/myService.service/secret` but I need the value
from the file, which I verified with a simple `ExecStart=checkEnv.sh`
which runs `cat ${SEC}` which prints `1234`.
Also tried putting the secret, e.g. "1234", into a temp file `/tmp/sec`
and ran:
`systemd-creds encrypt --name=secret --pretty /tmp/sec -`
but the results are the same.
How to get `SEC=1234` basically? I have to use `ExecStartPre=` and run
a pre-script that defines `SEC` with shell code? Something like
`SEC=$(cat %d/secret)` is all that's needed right? Or it needs to be
exported too at this point? Doesn't that defeat the purpose of
`systemd-creds` now? Maybe I can just put that in the `ExecStart=` line
instead... will keep trying in the meantime
Thanks
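
An added example, not part of the original post and not systemd project code: a POSIX sh wrapper for `ExecStart=` that reads the credential from `$CREDENTIALS_DIRECTORY` (set by systemd for the service, the same directory `%d` expands to) and exports it only into the process it then execs. The script name, its install path and the `myservice` binary are hypothetical.

```shell
#!/bin/sh
# Hypothetical wrapper, e.g. installed as /usr/local/bin/cred-env.sh and used as:
#   SetCredentialEncrypted=secret: ...
#   ExecStart=/usr/local/bin/cred-env.sh SEC secret /usr/bin/myservice
# Note: the value then lives in the service's environment (inherited by its
# children, readable through /proc/<pid>/environ by the same user and root).

# cred_to_env VAR CRED: export VAR with the contents of credential CRED.
cred_to_env() {
    var=$1
    cred=$2
    # Variable name must be a valid shell identifier.
    case $var in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "invalid variable name: $var" >&2; return 2 ;;
    esac
    # Credential name must be a plain file name, never a path.
    case $cred in
        ''|.*|*/*)
            echo "invalid credential name: $cred" >&2; return 2 ;;
    esac
    # systemd sets this only for units that have credentials configured.
    if [ -z "${CREDENTIALS_DIRECTORY:-}" ]; then
        echo "CREDENTIALS_DIRECTORY is not set" >&2; return 1
    fi
    file=$CREDENTIALS_DIRECTORY/$cred
    if [ ! -r "$file" ]; then
        echo "credential not readable: $cred" >&2; return 1
    fi
    # Command substitution strips the trailing newline(s) of the stored secret.
    value=$(cat "$file") || return 1
    export "$var=$value"
    unset value
}

# Wrapper mode: cred-env.sh VAR CRED command [args...]
if [ "$#" -ge 3 ]; then
    var_name=$1
    cred_name=$2
    shift 2
    cred_to_env "$var_name" "$cred_name" || exit 1
    exec "$@"   # replace the shell so no extra process holds the secret
fi
```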