From 9eb45871790f19b174bfe5a1d7b223627d4191dd Mon Sep 17 00:00:00 2001
From: Saad Nadeem <saadndm.sn@gmail.com>
Date: Wed, 4 Mar 2026 22:07:37 -0500
Subject: [PATCH] fix: use RUSTFS_*_KEY_FILE for LoadCredential secrets (#19)

---
 CHANGELOG.md         | 2 +-
 docs/IMPROVEMENTS.md | 8 ++++----
 nixos/rustfs.nix     | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 841cf9e..f1c7c75 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -33,7 +33,7 @@ Following community feedback on Issue #9, additional improvements aligned with N
 
 - Eliminated `pkgs.writeShellScript` wrapper for credential loading
 - Uses systemd's `%d` placeholder for credentials directory
-- Cleaner implementation: `RUSTFS_ACCESS_KEY = "file:%d/access-key"`
+- Cleaner implementation: `RUSTFS_ACCESS_KEY_FILE = "%d/access-key"`
 - Direct binary execution without wrapper script
 
 #### Default to Systemd Journal Logging
diff --git a/docs/IMPROVEMENTS.md b/docs/IMPROVEMENTS.md
index 1ca62ea..bade162 100644
--- a/docs/IMPROVEMENTS.md
+++ b/docs/IMPROVEMENTS.md
@@ -49,8 +49,8 @@ environment = {
 # Before: Shell script wrapper reading from $CREDENTIALS_DIRECTORY
 # After: Direct environment variable with %d placeholder
 environment = {
-  RUSTFS_ACCESS_KEY = "file:%d/access-key";
-  RUSTFS_SECRET_KEY = "file:%d/secret-key";
+  RUSTFS_ACCESS_KEY_FILE = "%d/access-key";
+  RUSTFS_SECRET_KEY_FILE = "%d/secret-key";
 };
 ExecStart = "${cfg.package}/bin/rustfs";  # Direct execution
 ```
@@ -102,8 +102,8 @@ LoadCredential = [
 # Secrets referenced via %d placeholder in environment variables
 # This is cleaner and more idiomatic than using a shell script wrapper
 environment = {
-  RUSTFS_ACCESS_KEY = "file:%d/access-key";
-  RUSTFS_SECRET_KEY = "file:%d/secret-key";
+  RUSTFS_ACCESS_KEY_FILE = "%d/access-key";
+  RUSTFS_SECRET_KEY_FILE = "%d/secret-key";
   # ...other environment variables
 };
 
diff --git a/nixos/rustfs.nix b/nixos/rustfs.nix
index 3c2b50d..e056a53 100644
--- a/nixos/rustfs.nix
+++ b/nixos/rustfs.nix
@@ -175,8 +175,8 @@ in
         RUSTFS_CONSOLE_ADDRESS = cfg.consoleAddress;
         RUST_LOG = cfg.logLevel;
         # Use %d to reference the credentials directory set by LoadCredential
-        RUSTFS_ACCESS_KEY = "file:%d/access-key";
-        RUSTFS_SECRET_KEY = "file:%d/secret-key";
+        RUSTFS_ACCESS_KEY_FILE = "%d/access-key";
+        RUSTFS_SECRET_KEY_FILE = "%d/secret-key";
       } // lib.optionalAttrs (cfg.logDirectory != null) {
         RUSTFS_OBS_LOG_DIRECTORY = cfg.logDirectory;
       } // cfg.extraEnvironmentVariables;