kyra(hardening): step-ca service secrets managment

Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
2026-05-03 16:03:09 +03:00 · 2026-05-03 16:03:09 +03:00 · a04279affe
commit a04279affe
parent 8894fdb401
1 changed files with 13 additions and 0 deletions
--- a/kyra/systemd/step-ca-service.nix
+++ b/kyra/systemd/step-ca-service.nix
@ -0,0 +1,13 @@
+{config, ...}: {
+  systemd = {
+    services = {
+      "step-ca" = {
+        serviceConfig = {
+          EnvironmentFile = [
+            config.sops.templates."step-ca.env".path
+          ];
+        };
+      };
+    };
+  };
+}