Persist OpenBao secrets in /var/lib and make readiness non-blocking

2026-01-27 17:28:39 -06:00 · 2026-01-27 17:28:39 -06:00 · 15fccd2ff4
commit 15fccd2ff4
parent 8b54a94c54
6 changed files with 123 additions and 85 deletions
--- a/flakes/secrets-bao/flake.nix
+++ b/flakes/secrets-bao/flake.nix
@ -42,7 +42,7 @@
            fragments = builtins.attrValues (builtins.mapAttrs (
              name: s:
              let
-                secretPath = s.path or ("/run/secrets/" + name);
+                secretPath = s.path or ("/var/lib/openbao-secrets/" + name);
              in
              substitute secretPath (s.configChanges or { })
            ) secrets);
@ -85,7 +85,7 @@
            fragments = builtins.attrValues (builtins.mapAttrs (
              name: s:
              let
-                secretPath = s.path or ("/run/secrets/" + name);
+                secretPath = s.path or ("/var/lib/openbao-secrets/" + name);
              in
              substitute secretPath (s.hmChanges or { })
            ) secrets);