credentials: document that their path is stable for system services

author: Joerg Behrmann <behrmann@physik.fu-berlin.de> 2023-10-20 11:35:04 +0200
committer: Luca Boccassi <luca.boccassi@gmail.com> 2023-10-20 12:44:46 +0200
commit: cf37171890bdaec1dc0cd56828047f4eb899fc3a (patch)
tree: ef1508df23de1c24c024dc21f7fa25dc1794f6f2 /docs/CREDENTIALS.md
parent: netif-naming-scheme: disable NAMING_BRIDGE_MULTIFUNCTION_SLOT (diff)
download: systemd-cf37171890bdaec1dc0cd56828047f4eb899fc3a.tar.xz
systemd-cf37171890bdaec1dc0cd56828047f4eb899fc3a.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/docs/CREDENTIALS.md b/docs/CREDENTIALS.md
index 0ae0469064..f508c84f4c 100644
--- a/docs/CREDENTIALS.md
+++ b/docs/CREDENTIALS.md
@@ -468,7 +468,12 @@ READY=1
 ## Relevant Paths
 
 From *service* perspective the runtime path to find loaded credentials in is
-provided in the `$CREDENTIALS_DIRECTORY` environment variable.
+provided in the `$CREDENTIALS_DIRECTORY` environment variable. For *system
+services* the credential directory will be `/run/credentials/<unit name>`, but
+hardcoding this path is discouraged, because it does not work for *user
+services*. Packagers and system administrators may hardcode the credential path
+as a last resort for software that does not yet search for credentials relative
+to `$CREDENTIALS_DIRECTORY`.
 
 From *generator* perspective the runtime path to find credentials passed into
 the system in plaintext form in is provided in `$CREDENTIALS_DIRECTORY`, and
author	Joerg Behrmann <behrmann@physik.fu-berlin.de>	2023-10-20 11:35:04 +0200
committer	Luca Boccassi <luca.boccassi@gmail.com>	2023-10-20 12:44:46 +0200
commit	cf37171890bdaec1dc0cd56828047f4eb899fc3a (patch)
tree	ef1508df23de1c24c024dc21f7fa25dc1794f6f2 /docs/CREDENTIALS.md
parent	netif-naming-scheme: disable NAMING_BRIDGE_MULTIFUNCTION_SLOT (diff)
download	systemd-cf37171890bdaec1dc0cd56828047f4eb899fc3a.tar.xz systemd-cf37171890bdaec1dc0cd56828047f4eb899fc3a.zip