  • Thanks for the quick response :)

    I read through the operator notes yesterday.

    To avoid any possibility of leaking sensitive information, it’s best to store secrets in a dedicated service such as HashiCorp Vault.

    I just wish there was a short example on how to use:

    • vault + ignition
    • or vault + systemd
    • or vault + podman

    I just asked ChatGPT and its solution seems good:

    Within the unit file, in the ExecStartPre step, retrieve the secrets from Vault.

    [Unit]
    Description=Your Service
    ...
    
    [Service]
    # Path of the secret inside the KV mount. A unit file has no inline comments,
    # so this stays on its own line. %i is the instance name and only works in
    # template units (name@.service); a plain unit needs the literal path.
    Environment="SECRET_KEY=your/secret/path"
    # Variables exported by the pre-start script die with that process, so it
    # writes the secret to a root-only file under /run that ExecStart reads.
    RuntimeDirectory=your-service
    ExecStartPre=/usr/local/bin/fetch_vault_secret.sh
    EnvironmentFile=-/run/your-service/env
    
    ExecStart=/path/to/your/service
    
    [Install]
    ...
    

    Where the fetch_vault_secret.sh script looks like this:

    #!/bin/bash
    set -euo pipefail
    export VAULT_ADDR="https://vault.lan:8200"
    # Placeholder token: keep this script readable by root only (chmod 700)
    export VAULT_TOKEN="your-vault-token"
    
    # SECRET_KEY comes from Environment= in the unit. The vault CLI takes the
    # path verbatim, so slashes must not be encoded as %2F.
    secret_value=$(vault kv get -field=value "secret/${SECRET_KEY}")
    
    # An exported variable would not reach ExecStart; write it for EnvironmentFile=
    umask 077
    printf 'SECRET_VALUE="%s"\n' "$secret_value" > /run/your-service/env
    

    I’ll play with it some, and post the results back later.

    If anyone has a better solution please let me know :)
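
An added example of the same ExecStartPre approach, written here and not part of the comment above or of any Vault or systemd documentation. It keeps the `vault kv get` call behind a small wrapper so the rest can be exercised offline, rejects secret paths with characters outside a conservative set before they reach the CLI, and writes the value as a quoted `EnvironmentFile=` line with mode 0600 via a temp file and rename, so the service never sees a half-written file. The service name `myservice`, the path `/run/myservice/env`, and the KV mount `secret/` are assumptions; the field name `value` matches the comment.

```bash
#!/bin/sh
# Added example (not the commenter's code): fetch a Vault KV field in ExecStartPre
# and hand it to ExecStart through a root-only env file instead of an exported
# variable (lost when the pre-start process exits) or Environment= in the unit
# (visible to anyone who can run `systemctl show`). Assumed: /run/myservice/env.
set -eu

# Wrapper around the vault CLI; $1 = KV path, $2 = field name. Kept separate so
# it can be replaced when testing without a Vault server.
vault_kv_get() {
  vault kv get -field="$2" "$1"
}

# Accept only a conservative charset and no leading slash, trailing slash or "..",
# so a path injected via the unit's Environment= cannot turn into CLI flags or
# walk to another mount.
validate_path() {
  case "$1" in
    '' | *[!A-Za-z0-9_./-]* | /* | */ | *..*) return 1 ;;
  esac
  return 0
}

# $1 = destination file, $2 = variable name, $3 = value.
# Backslashes and double quotes are escaped so EnvironmentFile= parses the value
# back exactly; umask 077 gives the temp file (and hence the final file) mode 0600.
write_env_file() {
  umask 077
  mkdir -p "$(dirname "$1")"
  escaped=$(printf '%s' "$3" | sed 's/[\\"]/\\&/g')
  tmp="$1.tmp.$$"
  printf '%s="%s"\n' "$2" "$escaped" > "$tmp"
  mv -f "$tmp" "$1"
}

# $1 = KV path (e.g. secret/myservice), $2 = field, $3 = env file, $4 = variable name.
# Returns 2 on a rejected path, non-zero if the vault call fails (set -e aborts).
fetch_to_env() {
  validate_path "$1" || { echo "fetch_to_env: rejected secret path: $1" >&2; return 2; }
  value=$(vault_kv_get "$1" "$2")
  write_env_file "$3" "$4" "$value"
}

# Stand-alone use from a unit:
#   ExecStartPre=/usr/local/bin/fetch_vault_secret.sh secret/myservice value /run/myservice/env DB_PASSWORD
#   EnvironmentFile=-/run/myservice/env
if [ $# -eq 4 ]; then
  fetch_to_env "$@"
fi
```

The unit still needs `VAULT_ADDR` and a token source for the `vault` binary; the point of the wrapper is only that the secret's journey ends in a 0600 file read by systemd at `ExecStart` time, never in the unit's environment block or in a variable that dies with the pre-start shell.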