From cf3d4c28550c3fc1ccdf4b96b511fedf826371d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 21 Feb 2023 07:09:09 +0100 Subject: [PATCH] drop warning on tmpfs for XDG_RUNTIME_DIR fixes https://github.com/Mic92/sops-nix/issues/276 --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index bff24ad..79204ac 100644 --- a/README.md +++ b/README.md @@ -740,8 +740,7 @@ sops-nix also provides a home-manager module. This module provides a subset of features provided by the system-wide sops-nix since features like the creation of the ramfs and changing the owner of the secrets are not available for non-root users. Instead of running as an activation script, sops-nix runs as a systemd user service called `sops-nix.service`. -And instead of decrypting to `/run/secrets`, the secrets are decrypted to `$XDG_RUNTIME_DIR/secrets`. -**Since the secrets are decrypted there, it's highly recommended to use a tmpfs for `$XDG_RUNTIME_DIR` to avoid storing secrets in plain text on persistent storage. Linux distributions using systemd-logind do that out-of-the-box.** +And instead of decrypting to `/run/secrets`, the secrets are decrypted to `$XDG_RUNTIME_DIR/secrets` that is located on a tmpfs or similar non-persistent filesystem. Depending on whether you use home-manager system-wide or using a home.nix, you have to import it in a different way. This example show the `channel` approach from the example [Install: nix-channel](#nix-channel) for simplicity, but all other methods work as well.
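Review bot: the replacement line in the README.md hunk turns a conditional recommendation into an unconditional statement of fact: the removed text said a tmpfs for `$XDG_RUNTIME_DIR` is recommended and that systemd-logind provides one, while the new text asserts the directory "is located on a tmpfs or similar non-persistent filesystem" without saying who guarantees that. On systems without systemd-logind (or with a custom session setup) that guarantee does not hold, and since sops-nix cannot create the ramfs itself for non-root users, the README is the only place a reader learns that decrypted secrets may otherwise land on persistent storage. Suggest keeping the dependency explicit, e.g. "`$XDG_RUNTIME_DIR/secrets`, which on systemd-logind systems is a tmpfs; if your login manager does not mount one, the decrypted secrets will be written to persistent storage" and optionally point readers at a one-line check such as `findmnt -T "$XDG_RUNTIME_DIR"`. Minor wording: "secrets` that is located on" reads better as "secrets`, which is located on".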