Enhancement: config: allow setting a file-path rather than the raw secret #37

Open
herbetom opened this issue Jan 11, 2024 · 2 comments

Comments

@herbetom

It would be nice if, rather than setting the secret directly within the config, it would be possible to set a path to where the secret is located.

Something like a secret file "/run/keys/fastd-secret" config option.

This way, accidentally leaking secrets would be quite a bit harder (it has already happened in the past while sharing our rendered config).

A workaround is to create a file with just the secret and include it:

secret "...";

This, however, requires putting that "secret" wrapper around the actual key. And with it not being a straightforward option in the docs, it is most likely less likely to be implemented that way.

@neocturne
Owner

Using the include with just a secret is the recommended way to structure your configs, but you're right that it could be made clearer in the docs.

@herbetom
Author

The main reason to have this as a dedicated feature is in my eyes that it then wouldn't require some sort of wrapper or treating secret "..."; as your secret in your secret management solution which may only allow tracking whole files.

But recommending an include in the docs also achieves the goal of helping people not leak their secrets. 👍
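
The include workaround discussed in this thread can be generated from a raw key file, so that a secret store which only tracks whole files never has to hold the `secret "...";` wrapper. The following is an added example, not code from the thread or from the fastd project; the helper name `write_fastd_secret_include`, the output file name `secret.conf`, and the assumption that the key is 64 lowercase hex characters are illustrative.

```shell
#!/bin/sh
# Added example: turn a raw secret file into a fastd include fragment.
# Assumption: the secret is exactly 64 lowercase hex characters.

# write_fastd_secret_include RAW_FILE OUT_FILE   (hypothetical helper)
write_fastd_secret_include() {
    raw_file=$1
    out_file=$2

    # Take the first line only and strip whitespace, CR and the newline.
    key=$(head -n 1 "$raw_file" 2>/dev/null | tr -d ' \t\r\n')

    # Reject anything that is not pure hex, so quotes or semicolons can
    # never be spliced into the generated config statement.
    case $key in
        ''|*[!0-9a-f]*) echo "invalid secret in $raw_file" >&2; return 1 ;;
    esac
    [ "${#key}" -eq 64 ] || { echo "bad secret length in $raw_file" >&2; return 1; }

    # mktemp creates the file with owner-only permissions; renaming it into
    # place means a reader never sees a half-written fragment.
    tmp=$(umask 077 && mktemp "$out_file.XXXXXX") || return 1
    if printf 'secret "%s";\n' "$key" > "$tmp" && mv -f "$tmp" "$out_file"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Demo with a constructed key (not a real secret) in a scratch directory.
demo_dir=$(mktemp -d)
printf '%s\n' 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff \
    > "$demo_dir/fastd-secret"
write_fastd_secret_include "$demo_dir/fastd-secret" "$demo_dir/secret.conf" \
    && echo "fragment written; main config then needs: include \"secret.conf\";"
rm -rf "$demo_dir"
```

The main config then contains only the `include` line and can be shared without exposing the key.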
