summaryrefslogtreecommitdiffstats
path: root/docs/CREDENTIALS.md
diff options
context:
space:
mode:
authorAdrian Wannenmacher <tfld@tfld.dev>2024-05-06 20:53:02 +0200
committerLuca Boccassi <luca.boccassi@gmail.com>2024-05-07 11:02:31 +0200
commit3a1694803b2096152fa50dcac64b62276c329fac (patch)
tree008607e73c2d91ad178d173e1e799db2e2630221 /docs/CREDENTIALS.md
parentMerge pull request #32635 from poettering/cryptenroll-no-pcrlock-conflict (diff)
downloadsystemd-3a1694803b2096152fa50dcac64b62276c329fac.tar.xz
systemd-3a1694803b2096152fa50dcac64b62276c329fac.zip
docs: minor improvements to CREDENTIALS.md
This commit fixes two instances of a miscount. As the number is not important in either case, and seemingly subject to changes, it was removed entirely. Another sentence was reworded to improve readability.
Diffstat (limited to 'docs/CREDENTIALS.md')
-rw-r--r--docs/CREDENTIALS.md7
1 files changed, 4 insertions, 3 deletions
diff --git a/docs/CREDENTIALS.md b/docs/CREDENTIALS.md
index bb76e55055..1203f61bb2 100644
--- a/docs/CREDENTIALS.md
+++ b/docs/CREDENTIALS.md
@@ -67,7 +67,8 @@ purpose. Specifically, the following features are provided:
## Configuring per-Service Credentials
-Within unit files, there are four settings to configure service credentials.
+Within unit files, there are the following settings to configure service
+credentials.
1. `LoadCredential=` may be used to load a credential from disk, from an
`AF_UNIX` socket, or propagate them from a system credential.
@@ -94,7 +95,7 @@ Each credential configured with these options carries a short name (suitable
for inclusion in a filename) in the unit file, under which the invoked service
code can then retrieve it. Each name should only be specified once.
-For details about these four settings [see the man
+For details about these settings [see the man
page](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Credentials).
It is a good idea to also enable mount namespacing for services that process
@@ -208,7 +209,7 @@ via `systemd-creds cat`.
## Encryption
Credentials are supposed to be useful for carrying sensitive information, such
-as cryptographic key material. For this kind of data (symmetric) encryption and
+as cryptographic key material. For such purposes (symmetric) encryption and
authentication are provided to make storage of the data at rest safer. The data
may be encrypted and authenticated with AES256-GCM. The encryption key can
either be one derived from the local TPM2 device, or one stored in