Best practices for tokens/passwords that can't be versioned


I am looking for opinions on how to deal with recipes that depend on file
content that can't be versioned.

The logging service on the embedded device needs to have a certain private
key or token to work correctly.
But due to security reasons that file can't be versioned with the layer.

The best I came up with so far is to tie the recipe to the existence of an
env variable. If the variable isn't present the recipe fails; if it is,
its content gets redirected to the correct file.

Seems like conf/local.conf could also offer a solution given that it's a
temporary thing (per build setup), but didn't yet figure out a good mechanism.

Be Well,
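
The env-variable mechanism described in the message above, sketched as a shell function that a recipe's install step could call. This is an added example, not part of the original post; the names `install_secret_from_env` and `LOGGING_TOKEN` and the return codes are assumptions made for illustration.

```shell
# Added example: install_secret_from_env and LOGGING_TOKEN are hypothetical names.
# Usage: install_secret_from_env VAR_NAME DEST
# Returns 0 on success, 1 if the variable is unset or empty,
# 2 on an invalid variable name or a write failure.
install_secret_from_env() {
    var_name=$1
    dest=$2

    # Accept only a plain identifier, since the name is passed to eval below.
    case $var_name in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "error: invalid variable name" >&2
            return 2 ;;
    esac

    # Pause command tracing so the value never lands in a build log.
    case $- in
        *x*) xtrace_was_on=1; set +x ;;
        *)   xtrace_was_on=0 ;;
    esac

    # Indirect lookup of the variable named by $var_name (empty if unset).
    eval "secret=\${$var_name-}"

    rc=0
    if [ -z "$secret" ]; then
        # Fail the build instead of shipping an image without the credential.
        echo "error: $var_name is not set; refusing to continue" >&2
        rc=1
    else
        tmp="$dest.tmp.$$"
        # Create the file 0600 from the start (umask in a subshell), then
        # rename it into place so a partial file is never left at $dest.
        # printf is a shell builtin, so the value is not exposed in argv.
        ( umask 077 && printf '%s\n' "$secret" > "$tmp" ) \
            && mv -f "$tmp" "$dest" \
            || { rm -f "$tmp"; rc=2; }
    fi

    unset secret
    [ "$xtrace_was_on" = 1 ] && set -x
    return $rc
}
```

The function reports only the variable's name on failure, never its value, so a missing credential shows up in the build log without the credential itself ever being printed.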
