From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 22 Apr 2022 13:00:48 +0000 (+0200)
Subject: docs: suggest to erase /var/lib/systemd/credential.secret when preparing golden images
X-Git-Tag: v251-rc2~73
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=005b12674544d105178be8e61b25e8fae52a9112;p=thirdparty%2Fsystemd.git

docs: suggest to erase /var/lib/systemd/credential.secret when preparing golden images
---

diff --git a/docs/BUILDING_IMAGES.md b/docs/BUILDING_IMAGES.md
index 268c8cdb397..878f38f2e69 100644
--- a/docs/BUILDING_IMAGES.md
+++ b/docs/BUILDING_IMAGES.md
@@ -53,6 +53,15 @@ boot. For that it's essential to:
    [`/etc/machine-info`](https://www.freedesktop.org/software/systemd/man/machine-info.html)
    which carry additional identifying information about the OS image.
 
+5. Remove `/var/lib/systemd/credential.secret` which is used for protecting
+   service credentials, see
+   [`systemd.exec(5)`](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Credentials)
+   and
+   [`systemd-creds(1)`](https://www.freedesktop.org/software/systemd/man/systemd-creds.html)
+   for details. Note that by removing this file access to previously encrypted
+   credentials from this image is lost. The file is automatically generated if
+   a new credential is encrypted and the file does not exist yet.
+
 ## Boot Menu Entry Identifiers
 
 The