Environment file as defined in <a href="https://www.mankier.com/5/systemd.exec" rel="nofollow"><a href="https://www.mankier.com/5/systemd.exec" rel="nofollow">systemd.exec(5)</a></a>.Secrets may be passed to the service without adding them to the world-readable Nix store, by specifying placeholder variables as the option value in Nix and setting these variables accordingly in the environment file.Snippet of HedgeDoc config containing a secret:<pre><code>services.hedgedoc.settings.dbURL = "postgres://hedgedoc:\${DB_PASSWORD}@db-host:5432/hedgedocdb";
</code></pre>and the content of this environment file:<pre><code> DB_PASSWORD=verysecretdbpassword
```
</code></pre>

services.hedgedoc.environmentFile

Environment file as defined in systemd.exec(5).Secrets may be passed to the service without adding…