diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml
index daaf00ac3..acddd63e1 100644
--- a/doc/manual/command-ref/conf-file.xml
+++ b/doc/manual/command-ref/conf-file.xml
@@ -421,6 +421,16 @@ flag, e.g. --option gc-keep-outputs false.
+ binary-cache-secret-key-file
+
+ Path of the file containing the secret key to be
+ used for signing binary caches. This file can be generated using
+ nix-store
+ --generate-binary-cache-key.
+
+
+
+
binary-caches-parallel-connections
The maximum number of parallel HTTP connections
diff --git a/src/libstore/http-binary-cache-store.cc b/src/libstore/http-binary-cache-store.cc
index 861e13c7f..9614d0b4c 100644
--- a/src/libstore/http-binary-cache-store.cc
+++ b/src/libstore/http-binary-cache-store.cc
@@ -1,5 +1,6 @@
#include "binary-cache-store.hh"
#include "download.hh"
+#include "globals.hh"
namespace nix {
@@ -65,7 +66,7 @@ static RegisterStoreImplementation regStore([](const std::string & uri) -> std::
if (std::string(uri, 0, 7) != "http://" &&
std::string(uri, 0, 8) != "https://") return 0;
auto store = std::make_shared(std::shared_ptr(0),
- "", // FIXME: allow the signing key to be set
+ settings.get("binary-cache-secret-key-file", string("")),
uri);
store->init();
return store;
diff --git a/src/libstore/local-binary-cache-store.cc b/src/libstore/local-binary-cache-store.cc
index 6adabaf9f..efd6d4725 100644
--- a/src/libstore/local-binary-cache-store.cc
+++ b/src/libstore/local-binary-cache-store.cc
@@ -1,4 +1,5 @@
#include "binary-cache-store.hh"
+#include "globals.hh"
namespace nix {
@@ -75,7 +76,7 @@ ref openLocalBinaryCacheStore(std::shared_ptr localStore,
static RegisterStoreImplementation regStore([](const std::string & uri) -> std::shared_ptr {
if (std::string(uri, 0, 7) != "file://") return 0;
return openLocalBinaryCacheStore(std::shared_ptr(0),
- "", // FIXME: allow the signing key to be set
+ settings.get("binary-cache-secret-key-file", string("")),
std::string(uri, 7));
});