Environment file as defined in <a href="https://www.mankier.com/5/systemd.exec" rel="nofollow"><a href="https://www.mankier.com/5/systemd.exec" rel="nofollow">systemd.exec(5)</a></a>.Secrets may be passed to the service without adding them to the world-readable Nix store, by specifying placeholder variables as the option value in Nix and setting these variables accordingly in the environment file.<pre><code> # snippet of HedgeDoc-related config
 services.hedgedoc.settings.dbURL = "postgres://hedgedoc:\${DB_PASSWORD}@db-host:5432/hedgedocdb";
 services.hedgedoc.settings.minio.secretKey = "$MINIO_SECRET_KEY";
</code></pre><pre><code> # content of the environment file
 DB_PASSWORD=verysecretdbpassword
 MINIO_SECRET_KEY=verysecretminiokey
</code></pre>Note that this file needs to be available on the host on which <code>HedgeDoc</code> is running.

services.hedgedoc.environmentFile

Environment file as defined in systemd.exec(5).Secrets may be passed to the service without adding…