Allow specifying SECRET_KEY_URI, similar to INTERNAL_TOKEN_URI (#19663)

Only load SECRET_KEY and INTERNAL_TOKEN if they exist.
Never write the config file if the keys do not exist, which was only a fallback for Gitea upgraded from < 1.5

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

1 files changed, 8 insertions, 3 deletions

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 0e0822d4c5..3759428ed5 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -379,14 +379,19 @@ LOG_SQL = false ; if unset defaults to true
 ;; Whether the installer is disabled (set to true to disable the installer)
 INSTALL_LOCK = false
 ;;
-;; Global secret key that will be used - if blank will be regenerated.
+;; Global secret key that will be used
+;; This key is VERY IMPORTANT. If you lose it, the data encrypted by it (like 2FA secret) can't be decrypted anymore.
 SECRET_KEY =
 ;;
+;; Alternative location to specify secret key, instead of this file; you cannot specify both this and SECRET_KEY, and must pick one
+;; This key is VERY IMPORTANT. If you lose it, the data encrypted by it (like 2FA secret) can't be decrypted anymore.
+;SECRET_KEY_URI = file:/etc/gitea/secret_key
+;;
 ;; Secret used to validate communication within Gitea binary.
 INTERNAL_TOKEN=
 ;;
-;; Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: file:/etc/gitea/internal_token)
-;INTERNAL_TOKEN_URI = ;e.g. /etc/gitea/internal_token
+;; Alternative location to specify internal token, instead of this file; you cannot specify both this and INTERNAL_TOKEN, and must pick one
+;INTERNAL_TOKEN_URI = file:/etc/gitea/internal_token
 ;;
 ;; How long to remember that a user is logged in before requiring relogin (in days)
 ;LOGIN_REMEMBER_DAYS = 7