Following-up improvments for various PRs (#25620)

For:

* #22743
* #25408
* #25412
* #25588

1 files changed, 9 insertions, 3 deletions

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index b2b6739f38..83c713cb05 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -193,8 +193,8 @@ RUN_USER = ; git
 ;; Use `ssh-keygen` to parse public SSH keys. The value is passed to the shell. By default, Gitea does the parsing itself.
 ;SSH_KEYGEN_PATH =
 ;;
-;; Enable SSH Authorized Key Backup when rewriting all keys, default is true
-;SSH_AUTHORIZED_KEYS_BACKUP = true
+;; Enable SSH Authorized Key Backup when rewriting all keys, default is false
+;SSH_AUTHORIZED_KEYS_BACKUP = false
 ;;
 ;; Determines which principals to allow
 ;; - empty: if SSH_TRUSTED_USER_CA_KEYS is empty this will default to off, otherwise will default to email, username.
@@ -303,7 +303,10 @@ RUN_USER = ; git
 ;;
 ;;
 ;; LFS authentication secret, change this yourself
-LFS_JWT_SECRET =
+;LFS_JWT_SECRET =
+;;
+;; Alternative location to specify LFS authentication secret. You cannot specify both this and LFS_JWT_SECRET, and must pick one
+;LFS_JWT_SECRET_URI = file:/etc/gitea/lfs_jwt_secret
 ;;
 ;; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
 ;LFS_HTTP_AUTH_EXPIRY = 24h
@@ -527,6 +530,9 @@ ENABLE = true
 ;; This setting is only needed if JWT_SIGNING_ALGORITHM is set to HS256, HS384 or HS512.
 ;JWT_SECRET =
 ;;
+;; Alternative location to specify OAuth2 authentication secret. You cannot specify both this and JWT_SECRET, and must pick one
+;JWT_SECRET_URI = file:/etc/gitea/oauth2_jwt_secret
+;;
 ;; Lifetime of an OAuth2 access token in seconds
 ;ACCESS_TOKEN_EXPIRATION_TIME = 3600
 ;;