How to inject a secret into the environment via a systemd service definition?
I want to inject a secret (password) into the environment for a systemd service, using either Environment= or EnvironmentFile=.
What I tried (and what failed):
1. Environment
Environment=password=$(op read op://Vault/Item/password)
However, since such service is not a script, the password will be set to this literal text; the command itself, not its result...
2. EnvironmentFile
As an override:
[Service]
ExecStartPre=op inject -i /etc/default/myservice.tpl -o /etc/default/myservice
ExecStartPost=rm /etc/default/myservice
with this additional line in etc/default/myservice.tpl:
password=op://Vault/Item/password
However, apparently the environment file is read before executing the ExecStartPre command...
Any tips on how I can inject the password into the environment for this service?
1Password Version: CLI 2.0.0
Extension Version: n/a
OS Version: Raspberry Pi OS Bullseye
