From: Adrian Wannenmacher Date: Mon, 6 May 2024 18:53:02 +0000 (+0200) Subject: docs: minor improvements to CREDENTIALS.md X-Git-Tag: v256-rc2~90 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3a1694803b2096152fa50dcac64b62276c329fac;p=thirdparty%2Fsystemd.git docs: minor improvements to CREDENTIALS.md This commit fixes two instances of a miscount. As the number is not important in either case, and seemingly subject to changes, it was removed entirely. Another sentence was reworded to improve readability. --- diff --git a/docs/CREDENTIALS.md b/docs/CREDENTIALS.md index bb76e55055a..1203f61bb23 100644 --- a/docs/CREDENTIALS.md +++ b/docs/CREDENTIALS.md @@ -67,7 +67,8 @@ purpose. Specifically, the following features are provided: ## Configuring per-Service Credentials -Within unit files, there are four settings to configure service credentials. +Within unit files, there are the following settings to configure service +credentials. 1. `LoadCredential=` may be used to load a credential from disk, from an `AF_UNIX` socket, or propagate them from a system credential. @@ -94,7 +95,7 @@ Each credential configured with these options carries a short name (suitable for inclusion in a filename) in the unit file, under which the invoked service code can then retrieve it. Each name should only be specified once. -For details about these four settings [see the man +For details about these settings [see the man page](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Credentials). It is a good idea to also enable mount namespacing for services that process 
@@ -208,7 +209,7 @@ via `systemd-creds cat`. ## Encryption Credentials are supposed to be useful for carrying sensitive information, such -as cryptographic key material. For this kind of data (symmetric) encryption and +as cryptographic key material. For such purposes (symmetric) encryption and authentication are provided to make storage of the data at rest safer. The data may be encrypted and authenticated with AES256-GCM. The encryption key can either be one derived from the local TPM2 device, or one stored in
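Review bot: In the first hunk (@@ -67,7 +67,8, "Configuring per-Service Credentials"), the new sentence "there are the following settings to configure service credentials." ends in a full stop although it introduces the numbered list that begins with `LoadCredential=`. End it with a colon, and consider the tighter "Within unit files, the following settings configure service credentials:". Dropping the count fits the commit message's reasoning. The second hunk's "For details about these settings" is consistent with it.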
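Review bot: In the third hunk (@@ -208,7 +209,7, "Encryption"), replacing "For this kind of data" with "For such purposes" removes the noun that "the data" refers to later in the same sentence ("to make storage of the data at rest safer") and in the following one ("The data may be encrypted and authenticated with AES256-GCM"). The preceding sentence also names no purpose other than carrying sensitive information, so "such purposes" has a weak antecedent. Suggest "For such data, (symmetric) encryption and authentication are provided", which keeps the referent and adds the comma after the introductory phrase.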