mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

todo

Browse source
This commit is contained in:
Joey Hess 2024-04-26 04:03:10 -04:00
parent e3c5f0079d
commit 84611e7ee6
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
1 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
doc/todo/use_systemd_credential_system_for_git-annex_credentials.mdwn Normal file
View file

@ -0,0 +1,15 @@
systemd v256 will have support for credentials that are encrypted at rest,
locked against the system's TPM, and can be used by a per-user service
(prior versions only supported it for system services).
<https://mastodon.social/@pid_eins/112336318532407967>
This is a much more secure way to store credentials than git-annex's
current `.git/annex/creds/` which is only protected by unix permissions,
and so it would make sense for git-annex to use it.
It would need a way for git-annex to start a systemd user service when
it needs access to a credential.
Note that GNOME/XDG desktop secret managers have work underway to support
this systemd feature, so git-annex might be able to alternatively use them
to access creds rather than using a systemd unit directly. --[[Joey]]