Permissions of secrets.d generations #369
Could you run
It is true Now the symlinks weren't created by myself but by the newly introduced option in sops-nix, so I don't know if there should be a check for this kind of insecurity or if secret files should be hashed or if this should be blamed on the user.
I am using the home-manager module.
I've censored some ls commands to illustrate the issue:
As you can tell my directory /run/user/1000/secrets.d/2 is readable by other users. However, I do not necessarily want to let other users know what kind of passwords I store even if they can't read them. To at least have the option of privacy I think the easiest fix would be to XOR all permissions of the keys and set it as the permission of the generations directory.
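An added example, not part of the issue or of sops-nix's code: a Python audit of the situation described above, where a generation directory can be listed by other users although the secrets inside it cannot be read by them. The directory layout and secret names are constructed, and deriving the directory mode from the union of the secrets' read bits is this example's assumption.

```python
import os
import stat
import tempfile

def dir_mode_from_secrets(file_modes):
    """Directory mode that lets a class (user/group/other) list and
    traverse the directory only if it can read at least one secret."""
    union = 0
    for m in file_modes:
        union |= m & 0o444              # keep only the read bits
    # r on a file -> r-x on the directory (list names + traverse)
    return union | (union >> 2) | 0o700  # owner always keeps rwx

def audit_generation(path):
    """Return (current_mode, suggested_mode, exposed) for one generation dir.
    exposed is True when group/other can list names of secrets they cannot read."""
    current = stat.S_IMODE(os.lstat(path).st_mode)
    modes = []
    for entry in os.scandir(path):
        if entry.is_file(follow_symlinks=False):
            modes.append(stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode))
    suggested = dir_mode_from_secrets(modes)
    # The read bit on a directory is what reveals the file names in it.
    exposed = bool(current & 0o044 & ~suggested)
    return current, suggested, exposed

def demo():
    # Constructed stand-in for /run/user/1000/secrets.d/2
    with tempfile.TemporaryDirectory() as root:
        gen = os.path.join(root, "secrets.d", "2")
        os.makedirs(gen)
        for name in ("bank-password", "vpn-key"):  # constructed names
            p = os.path.join(gen, name)
            with open(p, "w") as f:
                f.write("placeholder")
            os.chmod(p, 0o400)
        os.chmod(gen, 0o755)            # the permissive mode from the report
        before = audit_generation(gen)
        os.chmod(gen, before[1])        # apply the derived mode
        after = audit_generation(gen)
        return before, after

if __name__ == "__main__":
    for label, (cur, sug, exp) in zip(("before", "after"), demo()):
        print(f"{label}: mode={cur:04o} suggested={sug:04o} names_exposed={exp}")
```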