pkg/sops-nix
1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2025-12-26 14:14:58 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

sops-install-secrets: use noswap mount option with tmpfs

Browse source
This commit is contained in:
Amine Hassane 2025-08-24 23:16:34 +01:00 committed by Jörg Thalheim
parent edb2a27167
commit 10957db2de
5 changed files with 23 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/sops/default.nix
View file

@ -306,7 +306,7 @@ in
Use tmpfs in place of ramfs for secrets storage.
*WARNING*
Enabling this option has the potential to write secrets to disk unencrypted if the tmpfs volume is written to swap. Do not use unless absolutely necessary.
On Linux kernels earlier than 6.4, enabling this option has the potential to write secrets to disk unencrypted if the tmpfs volume is written to swap. Do not use unless absolutely necessary.
When using a swap file or device, consider enabling swap encryption by setting the `randomEncryption.enable` option