Support changing permissions on secret directories
I have a whole bunch of secrets stored in the /run/secrets/scripts directory. I want to put the directory /run/secrets/scripts into a non-root user's $PATH, but since that user doesn't have permission to read the directory, it doesn't work.
This can be worked around by manually symlinking to the secrets, but it would be great to have this as a normal feature.
Not sure what the configuration would look like for this since permissions are nested...
Two ideas pop into my head, one in yaml, one in nix:
```yaml
slapd:
  __dirMode: 0755
  __dirOwner: slapd
  password: abc
```

```nix
{
  sops.secrets."slapd/password" = {};
  sops.dirPermissions.slapd = {
    mode = "0755";
    owner = "slapd";
  };
}
```
Mhm, this seems like quite a bit of extra complexity for each feature that not many people use.