We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
other
Most of dedicated servers are delivered with unencrypted system.
UseHostPrivatetKey UseTpmPublicKey
systemd-creds setup Credential secret file '/var/lib/systemd/credential.secret' is not located on encrypted media, using anyway.
cp /var/lib/systemd/credential.secret /encrypted/volume/private/key/here/credential.secret
rm -f /var/lib/systemd/credential.secret
cat '/etc/systemd/system/[email protected]/credentials.conf'
[Service] SetCredentialEncrypted=public_key_name: \...CREDENTIAL_HERE_PART_1...== SetCredentialEncrypted=private_key_name: \...CREDENTIAL_HERE_PART_2...== UseHostPrivatetKey=/encrypted/volume/private/key/here/credential.secret #UseTpmPublicKey=/encrypted/volume/public.pem
systemctl daemon-reload
systemctl start 'dinetxum-stage@testnet1'
Read it from related service
255
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Component
other
Is your feature request related to a problem? Please describe
Most of dedicated servers are delivered with unencrypted system.
Describe the solution you'd like
Allow per-service custom credentials decryption key configuration option
UseHostPrivatetKey
UseTpmPublicKey
Usage example
Generate per-service custom host decryption key
Save to encrypted volume
Delete key
Generate default host decryption key
Print service systemd configuration file
Reload daemon
Start service
Use of decrypted service credentials
Read it from related service
Describe alternatives you've considered
The systemd version you checked that didn't have the feature you are asking for
255
The text was updated successfully, but these errors were encountered: