I know it’s best to have secrets in files - but some containers only support env variables.
virtualisation.oci-containers.containers = {
foo = {
image = "....";
environment = {
USER = "foo";
PASSWORD = "secret"; # read from file
};
login = {
registry = "ghcr.io";
username = "tcurdt";
passwordFile = "/run/secrets/registry.github";
};
};
Is there an easy way to read the PASSWORD
from a file instead?
Similar to the login.registry.passwordFile
.