Signing back into the Community for the first time? You'll need to reset your password to access your account.  Find out more.

Forum Discussion

XIII's avatar
XIII
Trusted Contributor
3 years ago

How to inject a secret into the environment via a systemd service definition?

I want to inject a secret (password) into the environment for a systemd service, using either Environment= or EnvironmentFile= . What I tried (and what failed): 1. Environment Environm...
CLI
Former Member's avatar
Former Member
3 years ago

Hey XIII, thanks for reaching out to us!

I think another solution here might be to pass the secret references as environment variables, and to use op run to prefix your ExecStart Command. I played a bit with this with the manual authentication process, hardcoding my session token, and managed to get something like this working:

[Service]
User=horia
Environment="OP_CONFIG_DIR=/home/horia/.config/op"
Environment="VAR=op://test-vault/docker/username"
Environment="OP_SESSION_<my_id>=<my_session_token>"
ExecStart=/usr/bin/op run --no-masking -- bash -c 'echo $VAR'

I assume this can be ported over to the biometric authentication process as well, but, in case you encounter any hurdles, let us know such that we can take another look, in more detail!

Best,
Horia