This repository has been archived on 2026-03-10. You can view files and clone it. You cannot open issues or pull requests or push a commit.

Torjus Håkestad cc369e6385 security: add connectionStringFile option for PostgreSQL secrets ...

The connectionString option stores credentials in the world-readable
Nix store. This adds connectionStringFile as an alternative that reads
the connection string from a file at runtime, compatible with secret
management tools like agenix or sops-nix.

Changes:
- Add database.connectionStringFile option (mutually exclusive with connectionString)
- Read connection string from file at service start when configured
- Add warning to connectionString documentation about Nix store visibility
- Update README with examples for both approaches

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-03 19:13:20 +01:00

6.2 KiB

Raw Blame History

View Raw