diff options
| author | Vivien Kraus <vivien@planete-kraus.eu> | 2021-07-30 21:10:21 +0200 |
|---|---|---|
| committer | Vivien Kraus <vivien@planete-kraus.eu> | 2021-08-01 15:25:08 +0200 |
| commit | d8c2ca930673da858d63f2dea9526c259a2dd936 (patch) | |
| tree | 74dc6f309123380bac8ccdff1c0eb7056602e5fb /guix/vkraus/services/disfluid.scm | |
| parent | 0367cbc75712f4be692a1ec3d37510cf2751ca3a (diff) | |
Load the encrypted password from a file
This is more secure, because you can restrict the password file to be
only readable by the service user.
Diffstat (limited to 'guix/vkraus/services/disfluid.scm')
| -rw-r--r-- | guix/vkraus/services/disfluid.scm | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/guix/vkraus/services/disfluid.scm b/guix/vkraus/services/disfluid.scm index ba2e976..bf7078c 100644 --- a/guix/vkraus/services/disfluid.scm +++ b/guix/vkraus/services/disfluid.scm @@ -40,7 +40,7 @@ (key-file disfluid-issuer-configuration-key-file (default "/var/lib/disfluid/issuer/key.jwk")) (subject disfluid-issuer-configuration-subject) - (encrypted-password disfluid-issuer-configuration-encrypted-password) + (encrypted-password-file disfluid-issuer-configuration-encrypted-password-file) (jwks-uri disfluid-issuer-configuration-jwks-uri) (authorization-endpoint-uri disfluid-issuer-configuration-authorization-endpoint-uri) @@ -110,7 +110,7 @@ (key-file disfluid-server-configuration-key-file (default "/var/lib/disfluid/server/key.jwk")) (subject disfluid-server-configuration-subject) - (encrypted-password disfluid-server-configuration-encrypted-password) + (encrypted-password-file disfluid-server-configuration-encrypted-password-file) (jwks-uri disfluid-server-configuration-jwks-uri) (authorization-endpoint-uri disfluid-server-configuration-authorization-endpoint-uri) @@ -130,7 +130,7 @@ disfluid-issuer-configuration-issuer disfluid-issuer-configuration-key-file disfluid-issuer-configuration-subject - disfluid-issuer-configuration-encrypted-password + disfluid-issuer-configuration-encrypted-password-file disfluid-issuer-configuration-jwks-uri disfluid-issuer-configuration-authorization-endpoint-uri disfluid-issuer-configuration-token-endpoint-uri @@ -176,7 +176,7 @@ disfluid-server-configuration-server-name disfluid-server-configuration-key-file disfluid-server-configuration-subject - disfluid-server-configuration-encrypted-password + disfluid-server-configuration-encrypted-password-file disfluid-server-configuration-jwks-uri disfluid-server-configuration-authorization-endpoint-uri disfluid-server-configuration-token-endpoint-uri @@ -186,7 +186,7 @@ (define disfluid-issuer-shepherd-service (match-lambda (($ <disfluid-issuer-configuration> - disfluid ccs issuer key-file subject encrypted-password jwks-uri + disfluid ccs issuer key-file subject encrypted-password-file jwks-uri authorization-endpoint-uri token-endpoint-uri port extra-options) (with-imported-modules @@ -218,7 +218,7 @@ "--server-name" #$issuer "--key-file" #$key-file "--subject" #$subject - "--encrypted-password" #$encrypted-password + "--encrypted-password-from-file" #$encrypted-password-file "--jwks-uri" #$jwks-uri "--authorization-endpoint-uri" #$authorization-endpoint-uri "--token-endpoint-uri" #$token-endpoint-uri @@ -371,7 +371,7 @@ (define disfluid-server-shepherd-service (match-lambda (($ <disfluid-server-configuration> - disfluid ccs server-name key-file subject encrypted-password jwks-uri + disfluid ccs server-name key-file subject encrypted-password-file jwks-uri authorization-endpoint-uri token-endpoint-uri port extra-options) (with-imported-modules @@ -403,7 +403,7 @@ "--server-name" #$server-name "--key-file" #$key-file "--subject" #$subject - "--encrypted-password" #$encrypted-password + "--encrypted-password-from-file" #$encrypted-password-file "--jwks-uri" #$jwks-uri "--authorization-endpoint-uri" #$authorization-endpoint-uri "--token-endpoint-uri" #$token-endpoint-uri |