From e41dcb9e27355dd1dfef648b01c6aa2c5fde3c3a Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Fri, 14 May 2021 13:53:26 -0400
Subject: [PATCH] move all of the secrets onto transient (tmpfs) storage

---
 morph/lib/make-issuer.nix  | 4 ++--
 morph/lib/make-storage.nix | 2 +-
 morph/lib/make-testing.nix | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/morph/lib/make-issuer.nix b/morph/lib/make-issuer.nix
index 9f37d640..e8a6333c 100644
--- a/morph/lib/make-issuer.nix
+++ b/morph/lib/make-issuer.nix
@@ -15,7 +15,7 @@
     secrets = {
       "ristretto-signing-key" = {
         source = ristrettoSigningKeyPath;
-        destination = "/var/secrets/ristretto.signing-key";
+        destination = "/run/keys/ristretto.signing-key";
         owner.user = "root";
         owner.group = "root";
         permissions = "0400";
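Review bot: Pointing `destination` at `/run/keys/ristretto.signing-key` only changes where future uploads land; nothing visible in this patch removes the copy already written to `/var/secrets/ristretto.signing-key` on deployed hosts, so the key would still sit on persistent storage there. The same applies to the stripe key in the next hunk and to the make-storage.nix and make-testing.nix hunks. A one-off cleanup is needed, for example `systemd.tmpfiles.rules = [ "r /var/secrets/ristretto.signing-key" ];` in the node configuration. Because an unlink does not scrub the underlying blocks, it is also worth deciding whether keys that have lived on disk should be rotated. The enclosing `secrets` set starts and ends outside the hunk.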
@@ -23,7 +23,7 @@
       };
       "stripe-secret-key" = {
         source = stripeSecretKeyPath;
-        destination = "/var/secrets/stripe.secret-key";
+        destination = "/run/keys/stripe.secret-key";
         owner.user = "root";
         owner.group = "root";
         permissions = "0400";
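Review bot: With the stripe key now under `/run/keys`, the file disappears on every reboot, and the hunk does not show what restarts the consuming service once the secret has been uploaded again. Whatever follows `permissions` in this attribute set lies outside the hunk; if it is not already an `action`, consider adding one such as `action = [ "systemctl" "restart" "<issuer-service>.service" ];` (the unit name is a placeholder). A comment above `destination`, for example `# transient storage: re-upload after each reboot, before the issuer starts`, would record the new operational requirement. The ristretto entry in the previous hunk has the same dependency.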
diff --git a/morph/lib/make-storage.nix b/morph/lib/make-storage.nix
index c286106a..af0867c8 100644
--- a/morph/lib/make-storage.nix
+++ b/morph/lib/make-storage.nix
@@ -19,7 +19,7 @@
     secrets = {
       "ristretto-signing-key" = {
         source = ristrettoSigningKeyPath;
-        destination = "/var/secrets/ristretto.signing-key";
+        destination = "/run/keys/ristretto.signing-key";
         owner.user = "root";
         owner.group = "root";
         permissions = "0400";
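Review bot: The literal `"/run/keys/ristretto.signing-key"` is now repeated in make-issuer.nix, make-storage.nix and make-testing.nix, and this patch had to edit each copy by hand. Binding the directory once, e.g. `secretsDir = "/run/keys";`, and writing `destination = "${secretsDir}/ristretto.signing-key";` would keep the three deployments from drifting apart. The service configuration that reads the key is not part of this patch; if it hard-codes the old `/var/secrets` path it needs the same change, and sharing the binding would cover that as well.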
diff --git a/morph/lib/make-testing.nix b/morph/lib/make-testing.nix
index ee1e2db4..1c0e1305 100644
--- a/morph/lib/make-testing.nix
+++ b/morph/lib/make-testing.nix
@@ -6,7 +6,7 @@
     secrets = {
       "ristretto-signing-key" = {
         source = ristrettoSigningKeyPath;
-        destination = "/var/secrets/ristretto.signing-key";
+        destination = "/run/keys/ristretto.signing-key";
         owner.user = "root";
         owner.group = "root";
         permissions = "0400";
-- 
GitLab