Secrets
Mio uses pass as the secret store backend for Core and Upstream, ensuring seamless and secure integration. Built on GnuPG identities, pass aligns perfectly with our file- and identity-centric world.
The main sections are:
ctl: Stores API credentials.
eyes-only: Stores private instance-related secrets to limit instance capabilities.
id: Stores all known identities and public keys with owner trust information.
instance: Stores instance secrets.
instances: Stores shared secrets across instances. This violates the ADR rule of "No Shared Secrets."
mio-pass
This shows a secret store with two identities, one named ci and one named achird:
Password Store
├── ctl
│   ├── api
│   │   ├── dns
│   │   └── hcloud
│   └── backup
│       ├── ro
│       │   └── api
│       ├── api
│       ├── rc
│       └── storagebox
├── eyes-only
│   └── achird
│       ├── app
│       │   └── superuser
│       ├── backup
│       │   ├── repokey
│       │   └── repokey.paper
│       ├── sec
│       │   ├── keys
│       │   ├── keys.pw
│       │   └── keys.rev
│       └── sub
│           └── keys
├── id
│   ├── ci
│   │   ├── gpg
│   │   └── ownertrust
│   └── achird
│       ├── gpg
│       └── ownertrust
├── instance
│   └── achird
│       ├── app
│       │   └── pgpass
│       └── backup
│           └── repokey.pw
└── instances
    └── app
        └── default.pw
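
The layout above can be checked mechanically. The following is an added example, not part of Mio: it walks a pass store directory (pass keeps each entry as a `<name>.gpg` file) and reports entries outside the five sections, identities missing `gpg` or `ownertrust`, and shared secrets under `instances`. The function names, the sample entries (including the instance `sol` and the entry `tmp/notes`) and the rule that every instance must also appear under `id` are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

# Top-level sections named on the page.
SECTIONS = {"ctl", "eyes-only", "id", "instance", "instances"}

def entries(store):
    """Entry names as pass lists them: path relative to the store, '.gpg' stripped."""
    store = Path(store)
    return sorted(p.relative_to(store).as_posix()[:-4]
                  for p in store.rglob("*.gpg") if p.is_file())

def audit(store):
    """Return sorted (rule, entry) findings for a store laid out as on the page."""
    names = entries(store)
    ids = {}  # identity -> leaf names found under id/<identity>/
    for n in names:
        parts = n.split("/")
        if parts[0] == "id" and len(parts) == 3:
            ids.setdefault(parts[1], set()).add(parts[2])
    # The tree shows each identity with both a public key and an ownertrust entry.
    findings = [("incomplete-identity", f"id/{i}/{need}")
                for i, leaves in ids.items()
                for need in ("gpg", "ownertrust") if need not in leaves]
    for n in names:
        parts = n.split("/")
        if parts[0] not in SECTIONS:
            findings.append(("unknown-section", n))
        elif parts[0] == "instances":
            findings.append(("shared-secret", n))  # "No Shared Secrets" ADR rule
        elif parts[0] in ("eyes-only", "instance") and (len(parts) < 2 or parts[1] not in ids):
            # Assumption: every instance must also be a known identity under id/.
            findings.append(("unknown-instance", n))
    return sorted(findings)

def build_sample(root):
    """Constructed sample store: empty placeholder files, not real ciphertext."""
    sample = ["ctl/api/dns", "id/ci/gpg", "id/ci/ownertrust", "id/achird/gpg",
              "eyes-only/achird/sec/keys.pw", "instance/achird/app/pgpass",
              "instance/sol/app/pgpass", "instances/app/default.pw", "tmp/notes"]
    for name in sample:
        path = Path(root, name + ".gpg")
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rule, entry in audit(build_sample(tmp)):
            print(f"{rule:20} {entry}")
```

The audit reads only file names, so it never needs a private key and can run in CI against a checkout of the store.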