From a04279affe89ad0730b06a40c4a68a5817ac7640 Mon Sep 17 00:00:00 2001
From: s0me1newithhand7s <git+me@hand7s.org>
Date: Sun, 3 May 2026 16:03:09 +0300
Subject: [PATCH] kyra(hardening): step-ca service secrets managment

Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
---
 kyra/systemd/step-ca-service.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 kyra/systemd/step-ca-service.nix

diff --git a/kyra/systemd/step-ca-service.nix b/kyra/systemd/step-ca-service.nix
new file mode 100644
index 0000000..cd61269
--- /dev/null
+++ b/kyra/systemd/step-ca-service.nix
@@ -0,0 +1,13 @@
+{config, ...}: {
+  systemd = {
+    services = {
+      "step-ca" = {
+        serviceConfig = {
+          EnvironmentFile = [
+            config.sops.templates."step-ca.env".path
+          ];
+        };
+      };
+    };
+  };
+}