0

I've set up a number of custom systemd service units that may contain sensitive data in their environment variables. While it's not possible for non-root users to systemctl cat that service, anybody can see all the data through systemctl show. This is undesired as that data should not be read by other users. The *.service files in /etc/systemd/system are marked only readable by root (mode 600).

I couldn't find any information about access restrictions for systemd. Is this even possible? Or is all systemd data considered public and world-readable? If there's no security available, I guess I'll have to stop using the systemd features and wrap everything in another layer of inaccessible script files.

My current environments are Ubuntu Server 16.04 and 20.04.

ygoe

1 Answer

4

Place your desired environment variables in an access-restricted file and load it in your unit with EnvironmentFile=.

Michael Hampton
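
The following audit script is an added example, not part of the answer above. It checks a unit file for inline Environment= values (which systemctl show prints to any user, whereas for EnvironmentFile= it lists only the file's path) and for EnvironmentFile= targets that grant access to group or other. The names audit_unit and make_samples, the sample units and the DB_PASSWORD value are constructed for illustration.

```shell
#!/bin/sh
# Added example. audit_unit, make_samples and all sample files are hypothetical.

# audit_unit UNIT_FILE: print findings; return 0 if clean, 1 otherwise.
audit_unit() {
    unit=$1
    bad=0
    # Inline Environment= values are unit properties, so `systemctl show`
    # prints them to any local user.
    if grep -Eq '^[[:space:]]*Environment=' "$unit"; then
        echo "FAIL: inline Environment= in $unit"
        bad=1
    fi
    # Every EnvironmentFile= target must exist and grant nothing to group or
    # other. A leading "-" (ignore if missing) is stripped from the path.
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        if [ ! -f "$f" ]; then
            echo "FAIL: $f is missing"; bad=1; continue
        fi
        mode=$(stat -c '%a' "$f")    # GNU stat, octal permission bits
        if [ $(( 0$mode & 077 )) -eq 0 ]; then
            echo "OK:   $f has mode $mode"
        else
            echo "FAIL: $f has mode $mode (group/other access)"; bad=1
        fi
    done <<EOF
$(sed -n 's/^[[:space:]]*EnvironmentFile=-\{0,1\}//p' "$unit")
EOF
    return $bad
}

# make_samples DIR: write constructed sample units and a secrets file to DIR.
make_samples() {
    printf '%s\n' '[Service]' 'Environment=DB_PASSWORD=constructed-secret' \
        'ExecStart=/usr/bin/env' > "$1/weak.service"
    printf '%s\n' '[Service]' "EnvironmentFile=$1/app.env" \
        'ExecStart=/usr/bin/env' > "$1/hardened.service"
    ( umask 077; echo 'DB_PASSWORD=constructed-secret' > "$1/app.env" )
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_unit "$demo_dir/weak.service" || true      # flags the inline secret
audit_unit "$demo_dir/hardened.service" || true  # passes: app.env is 600
rm -rf "$demo_dir"
```

The script checks permission bits only; on a real host the secrets file should also be owned by root, as the unit files in the question are.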