On 11 Jul 2026, at 15:04, Timothée Jaussoin <edhelas@movim.eu> wrote:
Le 11/07/2026 à 12:50, Juliusz Chroboczek a écrit :
...
    sed "s/@PASSWORD@/$pw/" < /etc/galene.conf.template > /tmp/galene.conf
    galene -c /tmp/galene.conf

So I'm not too keen to add code that I'm going to have to maintain forever
just to avoid a few lines of shell.  Is there any reason why you need this
to be done within the server itsef?
Having something like DotEnv (https://www.dotenv.org/docs/) to configure Galene would even be better. Then you can launch it using a standard file and environnement variable (which is really useful when you wrap it in containers :)).

I'd be a bit cautious when it comes to putting secrets in ENV variables (or passing them on the command line) -- as they can leak via an strategic `ps -aux, -elwf, etc) or via a well meaning Nagions, SNMP or other monitoring system.

Best to pass these by root-protected files, via socket/device or on a file descriptor -- e.g. see openssl or pgp/gpg for examples.

With kind regards,

Dw