Added comments about seccureKeys for configuration files encryption

svn path=/nixos/trunk/; revision=12342
2025-04-14 06:07:37 +00:00 · 2008-07-11 08:01:09 +00:00 · 2008-07-11 08:01:09 +00:00 · 0ac32cbb99
commit 0ac32cbb99
parent 48ec05d257
1 changed files with 7 additions and 1 deletions
--- a/system/options.nix
+++ b/system/options.nix
@ -2467,7 +2467,13 @@
        default = /var/elliptic-keys/public;
 	description = "
 	  Public key. Make it path argument, so it is copied into store and
-	  hashed.
+	  hashed. 
+
+	  The key is used to encrypt Gateway 6 configuration in store, as it
+	  contains a password for external service. Unfortunately, 
+	  derivation file should be protected by other means. For example, 
+	  nix-http-export.cgi will happily export any non-derivation path,
+	  but not a derivation.
 	";
      };
      private = mkOption {