I would like to start a service using a systemd unit file. This service requires a password to start. I don't want to store the password in plaintext in the systemd unit file, because it is world-readable. I also don't want to provide this password interactively.
If I were writing a normal script for this, I would store the credentials in a file owned by root with restricted permissions (400 or 600), and then read the file as part of the script. Is there any particular systemd-style way to do this, or should I just follow the same process as I would in a regular shell script?
Best Answer
There are two possible approaches here, depending on your requirements. If you do not want to be prompted for the password when the service is activated, use the
EnvironmentFile
directive. Fromman systemd.exec
:If you do want to be prompted, you would use one of the
systemd-ask-password
directives. Fromman systemd-ask-password
: