Constant ONLY_NETHSM_ADMIN_SSS_NON_ADMIN_SYSTEMD_CREDS 

const ONLY_NETHSM_ADMIN_SSS_NON_ADMIN_SYSTEMD_CREDS: &[u8] = b"system:\n  iteration: 1\n  admin_secret_handling:\n    shamirs-secret-sharing:\n      number_of_shares: 3\n      threshold: 2\n  non_admin_secret_handling: systemd-creds\n  mappings:\n    - share_holder:\n        system_user: share-holder1\n        ssh_authorized_key: >-\n          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAN54Gd1jMz+yNDjBRwX1SnOtWuUsVF64RJIeYJ8DI7b\n          user@host\n    - share_holder:\n        system_user: share-holder2\n        ssh_authorized_key: >-\n          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDgwGfIRBAsOUuDEZw/uJQZSwOYr4sg2DAZpcc7MfOj\n          user@host\n    - share_holder:\n        system_user: share-holder3\n        ssh_authorized_key: >-\n          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILWqWyMCk5BdSl1c3KYoLEokKr7qNVPbI1IbBhgEBQj5\n          user@host\n    - wire_guard_download:\n        system_user: wireguard-downloader\n        ssh_authorized_key: >-\n          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOh9BTe81DC6A0YZALsq9dWcyl6xjjqlxWPwlExTFgBt\n          user@host\nnethsm:\n  connections:\n    - url: https://localhost:8080/\n      tls_security: Unsafe\n    - url: https://localhost:8081/\n      tls_security: Unsafe\n  mappings:\n    - admin: admin\n    - admin: ns1~admin\n    - backup:\n        backend_user: backup\n        ssh_authorized_key: >-\n          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrIYA+bfMBThUP5lKbMFEHiytmcCPhpkGrB/85n0mAN\n          user@host\n        system_user: backup-user\n    - hermetic_metrics:\n        backend_users:\n          metrics_user: hermeticmetrics\n          operator_users:\n            - hermetickeymetrics\n        system_user: nethsm-hermetic-metrics-user\n    - metrics:\n        backend_users:\n          metrics_user: metrics\n          operator_users:\n            - keymetrics\n        ssh_authorized_key: >-\n          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPkpXKiNhy39A3bZ1u19a5d4sFwYMBkWQyCbzgUfdKBm\n          user@host\n        system_user: metrics-user\n    - signing:\n        backend_user: signing\n        signing_key_id: signing1\n        key_setup:\n          key_type: Curve25519\n          key_mechanisms:\n            - EdDsaSignature\n          signature_type: EdDsa\n          key_context:\n            openpgp:\n              user_ids:\n                - Foobar McFooface <foobar@mcfooface.org>\n              version: \"4\"\n        ssh_authorized_key: >-\n          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOh96uFTnvX6P1ebbLxXFvy6sK7qFqlMHDOuJ0TmuXQQ\n          user@host\n        system_user: signing-user\n        tag: signing1\n    - signing:\n        backend_user: ns1~signing\n        signing_key_id: signing1\n        key_setup:\n          key_type: Curve25519\n          key_mechanisms:\n            - EdDsaSignature\n          signature_type: EdDsa\n          key_context:\n            openpgp:\n              user_ids:\n                - Barfoo McBarface <barfoo@mcbarface.org>\n              version: \"4\"\n        ssh_authorized_key: >-\n          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJr4wdlEv3ZKkDufEQTZSLOjDLO3DeNN2pqKmp00ufIu\n          user@host\n        system_user: ns1-signing-user\n        tag: signing1\n";

Config with NetHSM backend.

• Shamir’s Secret Sharing for administrative secrets
• systemd-creds for non-administrative secrets