Re: Where to store configurable secrets? In group-readable etc/app.conf ?

From: Chris <>
Date: Wed, 18 May 2022 15:29:52 UTC
On 2022-05-18 01:26, Pat Maddox wrote:
> I am working on an app that reads database credentials from DATABASE_URL env 
> var.
> I've got an rc script that starts it up fine. I want to double-check how I 
> should
> be configuring it: I have put it in /usr/local/etc/myapp.conf chmod 770.
That ought to be 0644 or 644 depending on other things, even 640
> Is that right, or is there some other mechanism for setting secret env vars 
> for rc scripts?
Have a look at some other ports that need to set these sorts of things up; 
php, mysql, knot,
unbound, etc...
> Pat