Accept password hash in config

[b12f]

It'd be great if the config file would accept password hashes, so the config can be put in a public repository without compromising the secret.

[quite]

I must say that placing even hashed passwords in the public doesn't seem like a great idea.

[b12f]

A password that's hashed with bcrypt with enough rounds is fine to be published, afaik.

My usecase is the following; we're creating a NixOS configuration and I'd like wayvnc to be available by just enabling one config option. Currently, we take in one password hash for a user, and then just apply that hash everywhere appropriate.

https://git.b12f.io/pub-solar/os/src/commit/e10f27785498a10cfc22de8c89f76defa98c4599/users/ben/default.nix#L22
https://git.b12f.io/pub-solar/os/src/commit/e10f27785498a10cfc22de8c89f76defa98c4599/profiles/base-user/default.nix#L26

[any1]

If someone decides to implement this, please use a strong hashing algorithm by today's standards.

[damscal]

another solution to this problem would be reading the password from a separate secret file, which can be managed using sops-nix or equivalent.
My use case is also NixOS.
In practice, add password_file as one more keyword in the config file. Then the config file can be added in public repos. No need to use hashing algorithms.
Any interest in implementing this simpler solution? @any1

[any1]

Having a file for the password seems like an OK feature. I won't say no to it if it's correctly done.