nostr:npub108pv4cg5ag52nq082kd5leu9ffrn2gdg6g4xdwatn73y36uzplmq9uyev6 nostr:npub1sat3yl2hv2df5xmuqj75gvzfmvyxs5x36vaur9jwvjzejtx7y2hskp27a4 nostr:npub1ycnhgr56efxcpvhu7q0er9gqjqttpwhgqgjfgjaj7gpfea5g6xhq4zgshs Where should secrets be stored if not in a file? Do you just mean use an encrypted file always, to store secrets in?
nostr:npub108pv4cg5ag52nq082kd5leu9ffrn2gdg6g4xdwatn73y36uzplmq9uyev6 nostr:npub1ycnhgr56efxcpvhu7q0er9gqjqttpwhgqgjfgjaj7gpfea5g6xhq4zgshs OK, but understand that means all the secrets are effectively on disk at /proc/self/environ. An arbitrary file read (like the two recent Pleroma issues) means full secret disclosure.
I would really recommend against it.
Discussion
nostr:npub1halzvw4rckekndd3l6tv5mzyx9m07v60wnearrfw8x4arcjpm82styg05e nostr:npub108pv4cg5ag52nq082kd5leu9ffrn2gdg6g4xdwatn73y36uzplmq9uyev6 nostr:npub1ycnhgr56efxcpvhu7q0er9gqjqttpwhgqgjfgjaj7gpfea5g6xhq4zgshs A file is fine as long as it’s on a tmpfs (aka, written to RAM and not disk) and also unmounted, deleted, or otherwise made inaccessible after init where it’s been read by the program.
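
The two positions in this thread, as an added example (not code from any poster or from Pleroma): an audit of which secret-looking variable names a process exposes through `/proc/<pid>/environ`, next to a loader that only accepts a secret file on tmpfs and deletes it once read. The hint list and all function names are assumptions made for illustration.

```python
import os

SECRET_HINTS = ("SECRET", "TOKEN", "PASSWORD", "KEY")  # assumed naming hints

def exposed_secret_names(environ_raw: bytes) -> list:
    """Secret-looking names in a /proc/<pid>/environ dump (NUL-separated NAME=value)."""
    names = []
    for record in environ_raw.split(b"\0"):
        name, sep, _ = record.partition(b"=")
        text = name.decode(errors="replace")
        if sep and any(hint in text.upper() for hint in SECRET_HINTS):
            names.append(text)
    return sorted(names)

def fs_type(path: str, mounts_text: str):
    """Filesystem type of the deepest mount containing path, from /proc/mounts text."""
    best, best_type = "", None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mnt = fields[1].replace("\\040", " ")  # /proc/mounts escapes spaces
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and len(mnt) >= len(best):   # later, deeper mounts win
            best, best_type = mnt, fields[2]
    return best_type

def read_secret_once(path: str, mounts_text: str = None) -> bytes:
    """Read a secret file that must live on tmpfs, then delete it."""
    if mounts_text is None:
        with open("/proc/mounts") as f:        # Linux only
            mounts_text = f.read()
    real = os.path.realpath(path)
    if fs_type(real, mounts_text) != "tmpfs":
        raise RuntimeError(f"{path} is not on tmpfs; refusing to load secret")
    with open(real, "rb") as f:
        secret = f.read().strip()
    os.unlink(real)  # no longer reachable by a later file read
    return secret

if __name__ == "__main__":
    # /proc/self/environ holds the environment as it was at exec time;
    # deleting a variable from os.environ afterwards does not change it.
    with open("/proc/self/environ", "rb") as f:
        print("secret-looking names readable via /proc/self/environ:",
              exposed_secret_names(f.read()))
```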