Is there a way to encrypt the password in my service file for entries MB_JETTY_SSL_KEYSTORE_PASSWORD and MB_DB_PASS?
I read this https://www.metabase.com/docs/latest/operations-guide/encrypting-database-details-at-rest.html, but I'm not sure of this is the option that I'm looking for.
Are you talking about the Debian systemd file, which contains the environment variables?
Then such encryption would have to be handled elsewhere. How is Metabase supposed to decrypt the variables?
Normally the file is placed on a filesystem that is encrypted at rest, and only readable by the service.
Yes, this is for the systemd file.
I will check the encrypted filesystem with the security group.