author | Adrian Wannenmacher <tfld@tfld.dev> | 2024-05-06 20:53:02 +0200 |
---|---|---|
committer | Luca Boccassi <luca.boccassi@gmail.com> | 2024-05-07 11:02:31 +0200 |
commit | 3a1694803b2096152fa50dcac64b62276c329fac (patch) | |
tree | 008607e73c2d91ad178d173e1e799db2e2630221 /docs/CREDENTIALS.md | |
parent | Merge pull request #32635 from poettering/cryptenroll-no-pcrlock-conflict (diff) | |
docs: minor improvements to CREDENTIALS.md
This commit fixes two instances of a miscount. As the number is not important in either case, and seemingly subject to changes, it was removed entirely.
Another sentence was reworded to improve readability.
Diffstat (limited to 'docs/CREDENTIALS.md')
-rw-r--r-- | docs/CREDENTIALS.md | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/docs/CREDENTIALS.md b/docs/CREDENTIALS.md index bb76e55055..1203f61bb2 100644 --- a/docs/CREDENTIALS.md +++ b/docs/CREDENTIALS.md @@ -67,7 +67,8 @@ purpose. Specifically, the following features are provided: ## Configuring per-Service Credentials -Within unit files, there are four settings to configure service credentials. +Within unit files, there are the following settings to configure service +credentials. 1. `LoadCredential=` may be used to load a credential from disk, from an `AF_UNIX` socket, or propagate them from a system credential. @@ -94,7 +95,7 @@ Each credential configured with these options carries a short name (suitable for inclusion in a filename) in the unit file, under which the invoked service code can then retrieve it. Each name should only be specified once. -For details about these four settings [see the man +For details about these settings [see the man page](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Credentials). It is a good idea to also enable mount namespacing for services that process @@ -208,7 +209,7 @@ via `systemd-creds cat`. ## Encryption Credentials are supposed to be useful for carrying sensitive information, such -as cryptographic key material. For this kind of data (symmetric) encryption and +as cryptographic key material. For such purposes (symmetric) encryption and authentication are provided to make storage of the data at rest safer. The data may be encrypted and authenticated with AES256-GCM. The encryption key can either be one derived from the local TPM2 device, or one stored in |
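Review bot: In the first hunk (@@ -67,7 +67,8 @@), the reworded sentence "there are the following settings to configure service credentials." ends in a period even though it introduces the numbered list that starts with `LoadCredential=`. End it with a colon, or shorten it to "The following settings configure service credentials within unit files:" so the line no longer has to wrap onto a second `+` line.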
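Review bot: In the Encryption hunk (@@ -208,7 +209,7 @@), "For such purposes" has no plural antecedent. The preceding sentence names a single use, carrying sensitive information such as cryptographic key material, and the removed "For this kind of data" pointed at it more directly. Consider "For this purpose, (symmetric) encryption and authentication are provided", with a comma after the introductory phrase so the parenthesised "(symmetric)" does not run into it.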