Christian Tietze

Do I know anyone who loves to tinker with #systemd scheduled jobs?

I wonder if it's better than the experience for launchd on Mac for this:

I want to use `goimapnotify` to launch an IMAP notification daemon. But that needs to run mbsync, which needs my IMAP password. That makes all the normal CLI email flow awkward (pass/gpg is fine for TTYs but not for daemons)

How do you deal with this in systemd land?

Apr 8 at 6:35amWeb
Show threadElias Probst1d ago

@ctietze store the secret in a safe place (derived from TPM2, /var/lib/systemd/credential.secret, …) and pass it along to the service using systemd's credentials capabilities:
https://systemd.io/CREDENTIALS/

#systemd #security #credentials

Credentials

Show threadMorten Linderud1d ago

@eliasp @ctietze

You can store them in ~./.local/lib/credstore.encryted for user services as well.

Show threadChristian Tietze1d ago
@Foxboron @eliasp how does decrypting work in practice? Do you get a dialog/prompt/... or anything?