I’ve written a secret management tool named sctl. I just registered the snap this morning and have been toying with builds for a few days now. As the tool reads various
.scuttle.json files found in repositories, the home / network plug would provide insufficient permissions for sctl to operate. I’ve also confirmed use of “personal-files” seems to be insufficient as well as i’d need a full glob pattern, and i have no idea what that would really equate to since anything under any path could potentially contain a
.scuttle.json state file.
If you’d like to peruse the code, here’s a link to the direct code blocks that would be blocked:
While I’m testing, trying to get this into the edge channel - the stores automated review blocks a release for QA.
Ergo, sctl needs classic confinement.
Thanks and all the best