On Sun, 2023-10-08 at 14:10 +0200, Maximilian Winkler wrote: > 1. Avoid storing plaintext passphrases/keys in wpa_supplicant.conf
I use pass for some VPN setups wherein I use a wrapper script to, in order: 1. assemble a configuration file, based on a template, with contents retrieved from pass 2. start the service 3. erase the file openforticlient and openvpn both tolerate having their configuration file yoinked while running. I can't speak for wpa_supplicant, and it doesn't cover your other use case, but it might be worth a try.
