I'm kind of convinced that we want to do this, but also it's a significant change in the behaviour of the daemon, hence RFC prefix. This stemmed from a discussion with a user who wants us to use something more secure than base64 encoded secret values stored on a disk. They suggested storing the values in TPM and while that might sound like a good idea, I suggested using ephemeral secrets for the time being. Well, because of '--timeout 120', ephemeral secrets are short lived, indeed. Meanwhile, let me see if there's a library we could use to talk to TPM. Michal Prívozník (1): secret: Inhibit shutdown for ephemeral secrets src/secret/secret_driver.c | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) -- 2.38.2
