From e41dcb9e27355dd1dfef648b01c6aa2c5fde3c3a Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Fri, 14 May 2021 13:53:26 -0400
Subject: [PATCH] move all of the secrets onto transient (tmpfs) storage
---
 morph/lib/make-issuer.nix | 4 ++--
 morph/lib/make-storage.nix | 2 +-
 morph/lib/make-testing.nix | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/morph/lib/make-issuer.nix b/morph/lib/make-issuer.nix
index 9f37d640..e8a6333c 100644
--- a/morph/lib/make-issuer.nix
+++ b/morph/lib/make-issuer.nix
@@ -15,7 +15,7 @@
 secrets = {
 "ristretto-signing-key" = {
 source = ristrettoSigningKeyPath;
- destination = "/var/secrets/ristretto.signing-key";
+ destination = "/run/keys/ristretto.signing-key";
 owner.user = "root";
 owner.group = "root";
 permissions = "0400";
@@ -23,7 +23,7 @@
 };
 "stripe-secret-key" = {
 source = stripeSecretKeyPath;
- destination = "/var/secrets/stripe.secret-key";
+ destination = "/run/keys/stripe.secret-key";
 owner.user = "root";
 owner.group = "root";
 permissions = "0400";
diff --git a/morph/lib/make-storage.nix b/morph/lib/make-storage.nix
index c286106a..af0867c8 100644
--- a/morph/lib/make-storage.nix
+++ b/morph/lib/make-storage.nix
@@ -19,7 +19,7 @@
 secrets = {
 "ristretto-signing-key" = {
 source = ristrettoSigningKeyPath;
- destination = "/var/secrets/ristretto.signing-key";
+ destination = "/run/keys/ristretto.signing-key";
 owner.user = "root";
 owner.group = "root";
 permissions = "0400";
diff --git a/morph/lib/make-testing.nix b/morph/lib/make-testing.nix
index ee1e2db4..1c0e1305 100644
--- a/morph/lib/make-testing.nix
+++ b/morph/lib/make-testing.nix
@@ -6,7 +6,7 @@
 secrets = {
 "ristretto-signing-key" = {
 source = ristrettoSigningKeyPath;
- destination = "/var/secrets/ristretto.signing-key";
+ destination = "/run/keys/ristretto.signing-key";
 owner.user = "root";
 owner.group = "root";
 permissions = "0400";
-- 
GitLab
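Review bot: The new `destination = "/run/keys/ristretto.signing-key";` and `destination = "/run/keys/stripe.secret-key";` lines in make-issuer.nix, and the matching ristretto lines in make-storage.nix and make-testing.nix, only change where future uploads land; nothing visible here removes the copies already written under `/var/secrets` on deployed hosts, so the keys would stay on persistent disk until they are deleted. Because those keys have lived on persistent storage, it is worth deciding whether deletion is enough or whether they should be rotated. `/run/keys` is also empty after every reboot, so a comment beside each destination would help, for example `# transient: gone after reboot; secrets must be re-uploaded before dependent services start`. Anything that reads the old path has to change in the same deployment; the diffstat lists only these three files, so that presumably lives elsewhere or is derived from this attribute, which is worth confirming. The `secrets` attribute sets start and end outside the hunks.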