docs: suggest to erase /var/lib/systemd/credential.secret when preparing golden images

author: Lennart Poettering <lennart@poettering.net> 2022-04-22 15:00:48 +0200
committer: Luca Boccassi <luca.boccassi@gmail.com> 2022-04-22 16:51:50 +0200
commit: 005b12674544d105178be8e61b25e8fae52a9112 (patch)
tree: 1fb7ee4269a0029c9b7270b526631a1cfdbc98f4 /docs/BUILDING_IMAGES.md
parent: 0b3a64fed979d91f5b604dc5682cdbad2b1af4b7 (diff)
download: systemd-005b12674544d105178be8e61b25e8fae52a9112.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/BUILDING_IMAGES.md b/docs/BUILDING_IMAGES.md
index 268c8cdb39..878f38f2e6 100644
--- a/docs/BUILDING_IMAGES.md
+++ b/docs/BUILDING_IMAGES.md
@@ -53,6 +53,15 @@ boot. For that it's essential to:
    [`/etc/machine-info`](https://www.freedesktop.org/software/systemd/man/machine-info.html)
    which carry additional identifying information about the OS image.
 
+5. Remove `/var/lib/systemd/credential.secret` which is used for protecting
+   service credentials, see
+   [`systemd.exec(5)`](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Credentials)
+   and
+   [`systemd-creds(1)`](https://www.freedesktop.org/software/systemd/man/systemd-creds.html)
+   for details. Note that by removing this file access to previously encrypted
+   credentials from this image is lost. The file is automatically generated if
+   a new credential is encrypted and the file does not exist yet.
+
 ## Boot Menu Entry Identifiers
 
 The
author	Lennart Poettering <lennart@poettering.net>	2022-04-22 15:00:48 +0200
committer	Luca Boccassi <luca.boccassi@gmail.com>	2022-04-22 16:51:50 +0200
commit	005b12674544d105178be8e61b25e8fae52a9112 (patch)
tree	1fb7ee4269a0029c9b7270b526631a1cfdbc98f4 /docs/BUILDING_IMAGES.md
parent	0b3a64fed979d91f5b604dc5682cdbad2b1af4b7 (diff)
download	systemd-005b12674544d105178be8e61b25e8fae52a9112.tar.gz