The original implementation had a few issues: * The secret was briefly leaked since it is part of the cmdline for `sed(1)` and on Linux `cmdline` is world-readable. * If the secret would contain either a `,` or a `"` it would mess with the `sed(1)` expression itself unless you apply messy escape hacks. To circumvent all of that, I decided to use `replace-secret` which allows you to replace a string inside a file (in this case `#static-auth-secret#`) with the contents of a file, i.e. `cfg.static-auth-secret-file` without any of these issues. |
||
---|---|---|
.. | ||
doc | ||
lib | ||
maintainers | ||
modules | ||
tests | ||
COPYING | ||
default.nix | ||
README | ||
release-combined.nix | ||
release-small.nix | ||
release.nix |
*** NixOS *** NixOS is a Linux distribution based on the purely functional package management system Nix. More information can be found at https://nixos.org/nixos and in the manual in doc/manual.