diff options
| author | Clar Fon <15850505+clarfonthey@users.noreply.github.com> | 2022-10-01 13:26:33 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-10-02 01:26:33 +0800 |
| commit | 3d10193be2b4476d1d0d3249a9884fcc0faa64e5 (patch) | |
| tree | a94e7a09e276682f28955fcaa515d9a096254df4 /docs | |
| parent | 04e97b83115e7439d43c0ede5fe2d1b50d201c52 (diff) | |
| download | gitea-3d10193be2b4476d1d0d3249a9884fcc0faa64e5.tar.gz gitea-3d10193be2b4476d1d0d3249a9884fcc0faa64e5.zip | |
Allow specifying SECRET_KEY_URI, similar to INTERNAL_TOKEN_URI (#19663)
Only load SECRET_KEY and INTERNAL_TOKEN if they exist.
Never write the config file if the keys do not exist, which was only a fallback for Gitea upgraded from < 1.5
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/content/doc/advanced/config-cheat-sheet.en-us.md | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md index ef64c57246..50571bd443 100644 --- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md +++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md @@ -494,7 +494,8 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o ## Security (`security`) - `INSTALL_LOCK`: **false**: Controls access to the installation page. When set to "true", the installation page is not accessible. -- `SECRET_KEY`: **\<random at every install\>**: Global secret key. This should be changed. +- `SECRET_KEY`: **\<random at every install\>**: Global secret key. This key is VERY IMPORTANT, if you lost it, the data encrypted by it (like 2FA secret) can't be decrypted anymore. +- `SECRET_KEY_URI`: **<empty>**: Instead of defining SECRET_KEY, this option can be used to use the key stored in a file (example value: `file:/etc/gitea/secret_key`). It shouldn't be lost like SECRET_KEY. - `LOGIN_REMEMBER_DAYS`: **7**: Cookie lifetime, in days. - `COOKIE_USERNAME`: **gitea\_awesome**: Name of the cookie used to store the current username. - `COOKIE_REMEMBER_NAME`: **gitea\_incredible**: Name of cookie used to store authentication @@ -520,7 +521,7 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o - `ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET`: **true**: Set to `false` to allow local users to push to gitea-repositories without setting up the Gitea environment. This is not recommended and if you want local users to push to Gitea repositories you should set the environment appropriately. - `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server. - `INTERNAL_TOKEN`: **\<random at every install if no uri set\>**: Secret used to validate communication within Gitea binary. -- `INTERNAL_TOKEN_URI`: **<empty>**: Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token`) +- `INTERNAL_TOKEN_URI`: **<empty>**: Instead of defining INTERNAL_TOKEN in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token`) - `PASSWORD_HASH_ALGO`: **pbkdf2**: The hash algorithm to use \[argon2, pbkdf2, scrypt, bcrypt\], argon2 will spend more memory than others. - `CSRF_COOKIE_HTTP_ONLY`: **true**: Set false to allow JavaScript to read CSRF cookie. - `MIN_PASSWORD_LENGTH`: **6**: Minimum password length for new users. |