Is there a typical way to pass a password to a Systemd Unit file?
There are two possible approaches here, depending on your requirements. If you do not want to be prompted for the password when the service is activated, use the
EnvironmentFile directive. From
Similar to Environment= but reads the environment variables from a text file. The text file should contain new-line-separated variable assignments.
If you do want to be prompted, you would use one of the
systemd-ask-password directives. From
systemd-ask-password may be used to query a system password or passphrase from the user, using a question message specified on the command line. When run from a TTY it will query a password on the TTY and print it to standard output. When run with no TTY or with --no-tty it will use the system-wide query mechanism, which allows active users to respond via several agents
There's a third alternative to this as well as the 2 suggestion by @jasonwryan.excerpt from Michael Hampton's answer at ServerFault - How to set environment variable in systemd service?
The current best way to do this is to run
systemctl edit myservice, which will create an override file for you or let you edit an existing one.
In normal installations this will create a directory
/etc/systemd/system/myservice.service.d, and inside that directory create a file whose name ends in
override.conf), and in this file you can add to or override any part of the unit shipped by the distribution.
For instance, in a file
[Service] Environment="SECRET=pGNqduRFkB4K9C2vijOmUDa2kPtUhArN" Environment="ANOTHER_SECRET=JP8YLOc2bsNlrGuD6LVTq7L36obpjzxd"
Also note that if the directory exists and is empty, your service will be disabled! If you don't intend to put something in the directory, ensure that it does not exist.