The latest articles on DEV Community by Thomas Sjögren (@konstruktoid). https://dev.to/konstruktoid https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3031083%2F0429dcd7-b1b4-4f52-a24b-8a8f5b870d91.jpeg https://dev.to/konstruktoid en Thomas Sjögren Tue, 23 Sep 2025 09:35:39 +0000 https://dev.to/konstruktoid/systemd-v258-is-out-encrypt-your-service-secrets-35ii https://dev.to/konstruktoid/systemd-v258-is-out-encrypt-your-service-secrets-35ii <p><a href="https://github.com/systemd/systemd/releases/tag/v258" rel="noopener noreferrer">systemd v258</a> is out and now has working <a href="https://systemd.io/CREDENTIALS/" rel="noopener noreferrer">user credentials</a>.</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> - name: Encrypt secret community.general.systemd_creds_encrypt: name: web not_after: +30d pretty: true secret: "{{ container_secret }}" user: "{{ container_user }}" register: encrypted_secret - name: Web server container containers.podman.podman_container: name: nginx image: docker.io/konstruktoid/nginx state: quadlet ports: - 8080:80 cap_drop: all capabilities: - chown - dac_override - net_bind_service - setgid - setuid hostname: "{{ ansible_nodename }}" volumes: - "{{ container_user_info.home }}/nginx.conf:/etc/nginx/http.d/default.conf" - "/run/user/{{ container_user_info.uid }}/credentials/nginx.service/web:/var/tmp/web" quadlet_options: - AutoUpdate=registry - Pull=newer - | [Service] {{ encrypted_secret.value }} [Install] WantedBy=default.target </code></pre> </div> ansible linux automation devops