Today I learned about the existence of systemd-creds a system-level keystore that automatically utilises a TPM if present. This allows to store and load credentials for systemd and other system services using dbus or the systemd-creds CLI.

I came across this while looking into hardening the minio setup on TrueNAS Scale.