more security for configuration files #106
more restricted permissions
Hi, sorry for deleting my old comment, you can ignore it. What type of sensitive info are you storing in these files?
We store proxy passwords there:
Ah, for sensitive environment variables I wonder if you would be better off using
If I get you right, I then have to manage that file separately, right? From my side that could be an option, but I don't see the point of not changing the permissions to 640.
From my point of view it is possible to pass secrets via variables (i.e. "docker__systemd_override") to these files. So this change is a little bit of hardening for this role.
Yep @mdreyer31's suggestion is what you could do in this case, at least for right now. You could do something like this:

    docker__systemd_override: "EnvironmentFile=/path/to/secure/env/file"

That will create a And as you discovered, you would be responsible for putting that What sensitive data are you storing in the
more secure settings for configuration due to sensitive data in it
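
The two options weighed in this thread, tightening the drop-in's mode or moving the secret behind `EnvironmentFile=`, can be checked on a host with a small audit script. This is an added example, not part of the pull request or the role; the function names are hypothetical and the drop-in paths are supplied by whoever runs it.

```shell
#!/bin/sh
# Added example (not from the role): audit systemd drop-in files for the two
# issues discussed above. Function names are hypothetical.
# Usage: sh audit.sh /etc/systemd/system/docker.service.d/*.conf

# Succeeds if "other" users can read the file (e.g. mode 644 instead of 640).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Succeeds if an Environment= line embeds URL credentials (user:pass@host).
has_inline_proxy_secret() {
    grep -Eq '^[[:space:]]*Environment=.*://[^/@[:space:]]+:[^/@[:space:]]+@' "$1"
}

# Prints one finding per line; returns 1 if anything was reported.
audit_dropin() {
    rc=0
    if has_inline_proxy_secret "$1"; then
        if world_readable "$1"; then
            echo "$1: inline proxy credentials in a world-readable file"
        else
            echo "$1: inline proxy credentials; consider EnvironmentFile="
        fi
        rc=1
    fi
    # Follow EnvironmentFile= references (an optional leading "-" means
    # "ignore if missing") and check the mode of each referenced file.
    for ref in $(sed -n 's/^[[:space:]]*EnvironmentFile=-\{0,1\}//p' "$1"); do
        if world_readable "$ref"; then
            echo "$ref: referenced by $1 but world-readable"
            rc=1
        fi
    done
    return $rc
}

# Audit every file named on the command line.
if [ "$#" -gt 0 ]; then
    status=0
    for f in "$@"; do
        audit_dropin "$f" || status=1
    done
    exit "$status"
fi
```

Note that a 640 drop-in still exposes the secret to the file's group and to anything that can read the unit's environment; the script only checks file modes and inline credentials.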