I’m working on a snap that will need encrypted files supplied after the snap is installed (e.g. the encrypted files are not part of the snap). Those encrypted files should be located in a keystore-path.
The snap runs a service, which needs a password + the files located in the keystore-path to start. The password lives in a password-file.
The startup looks something like this:
./foobar-bin --password-filename /opt/password-file --keystore-path /opt/
I’m looking for some advice and/or examples on how to implement this within a snap context.
- How to supply/make accessible the encrypted files in the keystore-path?
- How to get a password into a password-filename accessible to the snap service - in a secure way? Possibly by some facility available in the snap world?
Any advice here is welcome.
Ideally, I would be able to use some facility to keep the password inside the “password-file” even safer. But that’s a bonus I guess.