From 11a9e48b930c25710ae859d3ffec3c86b557b634 Mon Sep 17 00:00:00 2001
From: sim <git@sgougeon.fr>
Date: Wed, 13 Nov 2024 09:26:52 +0000
Subject: [PATCH] Explain how to use with user mode systemd units

---
 INSTALL.md |  2 +-
 README.md  | 12 ++++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/INSTALL.md b/INSTALL.md
index a78260b..8d8b631 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -49,7 +49,7 @@ Download the [systemd unit file](https://github.com/mollyim/mollysocket/raw/main
 You can use [systemd-creds](https://systemd.io/CREDENTIALS/) to encrypt the vapid key:
 
 ```console
-$ mollysocket vapid gen | systemd-creds encrypt --name=ms_vapid -p - -
+# mollysocket vapid gen | systemd-creds encrypt --name=ms_vapid -p - -
 SetCredentialEncrypted=ms_vapid: \
         k6iUCUh0RJCQyvL8k8q1UyAAAAABAAAADAAAABAAAAC1lFmbWAqWZ8dCCQkAAAAAgAAAA \
         AAAAAALACMA0AAAACAAAAAAfgAg9uNpGmj8LL2nHE0ixcycvM3XkpOCaf+9rwGscwmqRJ \
diff --git a/README.md b/README.md
index 0dc7773..30f5bbb 100644
--- a/README.md
+++ b/README.md
@@ -70,10 +70,18 @@ To generate a new key, you can run this command `mollysocket vapid gen`. Or usin
 
 This value can be passed to mollysocket via a file, location given with `vapid_key_file` parameter, or directly in the `vapid_privkey` parameter. _The key file takes the precedence_.
 
-To pass this value to mollysocket, you may wish to use [systemd-creds](https://systemd.io/CREDENTIALS/):
+#### If you want to use systemd-creds
+
+To pass this value to mollysocket, you may wish to use [systemd-creds](https://systemd.io/CREDENTIALS/). This allows you to store securely the VAPID key.
+
+If you have installed your systemd service in [user mode](https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Unit%20File%20Load%20Path), adds `--user` to systemd-creds commands.
 
 ```console
-$ mollysocket vapid gen | systemd-creds encrypt --name=ms_vapid -p - -
+$ # Service installed in user mode:
+$ # mollysocket vapid gen | systemd-creds --user encrypt --name=ms_vapid -p - -
+$
+# # Service installed in system mode:
+# mollysocket vapid gen | systemd-creds encrypt --name=ms_vapid -p - -
 SetCredentialEncrypted=ms_vapid: \
         k6iUCUh0RJCQyvL8k8q1UyAAAAABAAAADAAAABAAAAC1lFmbWAqWZ8dCCQkAAAAAgAAAA \
         AAAAAALACMA0AAAACAAAAAAfgAg9uNpGmj8LL2nHE0ixcycvM3XkpOCaf+9rwGscwmqRJ \