author | Igor Pashev <pashev.igor@gmail.com> | 2016-12-01 22:32:09 +0300 |
---|---|---|
committer | Igor Pashev <pashev.igor@gmail.com> | 2016-12-01 22:43:08 +0300 |
commit | b0c5ffbe1d2dbbf1f9c460be0b4f18500c50a90f (patch) | |
tree | 41417f4dd08e3fc541b02ac07cc0e9494a8fceb5 /sproxy.yml.example | |
parent | ed878508e2425ae902a7427b4e7726d35f8d29ce (diff) | |
download | sproxy2-b0c5ffbe1d2dbbf1f9c460be0b4f18500c50a90f.tar.gz |
BREAKING: Allow !include in config file
This changes semantics of these options:
- key
- oauth2.<provider>.client_secret
They are no longer files, but strings. To read content
from files, use !include. The point of being files or
read from files is to segregate secrets from non-sensitive
easily discoverable settings. With !include it is much
more simple and flexible.
Diffstat (limited to 'sproxy.yml.example')
-rw-r--r-- | sproxy.yml.example | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/sproxy.yml.example b/sproxy.yml.example index 1df82aa..a9cf9cc 100644 --- a/sproxy.yml.example +++ b/sproxy.yml.example @@ -1,5 +1,7 @@ --- # Sproxy configuration. Don't remove this line. This is YAML: https://en.wikipedia.org/wiki/YAML +# NOTE: You can use the !include directive to import parts of this file. + # Logging level: debug, info, warn, error. # Optional. Default is debug. # 
@@ -101,34 +103,32 @@ ssl_key: /path/key.pem # datafile: /path/data.yml -# A file with arbitrary content used to sign sproxy cookie and other things (secret!). +# Arbitrary string used to sign sproxy cookie and other things (secret!). # Optional. If not specified, a random key is generated on startup, and # as a consequence, restaring sproxy will invalidate existing user sessions. # This option could be useful for load-balancing with multiple sproxy instances, # when all instances must understand cookies created by each other. # This should not be very large, a few random bytes are fine. # -# key: /run/keys/sproxy.secret +# key: !include /run/keys/sproxy.secret # Credentials for supported OAuth2 providers. # Currently supported: "google", "linkedin" # At least one provider is required. # Attributes: -# client_id - OAuth2 client ID (string) -# client_secret - OAuth2 client secret. Regardless of its name, this is a file. -# The secret is read from the file which you should keep secret. -# Only the first line of this file is read. +# client_id - OAuth2 client ID. +# client_secret - OAuth2 client secret. # # Example: # oauth2: # google: # client_id: "XXXXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY.apps.googleusercontent.com" -# client_secret: "/run/keys/XXXXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY.apps.googleusercontent.com" +# client_secret: !include /run/keys/XXXXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY.apps.googleusercontent.com # # linkedin: # client_id: "xxxxxxxxxxxxxx" -# client_secret: "/run/keys/xxxxxxxxxxxxxx" +# client_secret: !include "/run/keys/xxxxxxxxxxxxxx" # # # oauth2: |
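Review bot: The NOTE line added at the top of sproxy.yml.example (first hunk) announces !include but documents nothing about it. Readers are not told whether a relative path is resolved against the config file's directory or the working directory, nor what the included file is expected to contain. Since the commit message gives segregating secrets as the purpose, I would add one or two comment lines here covering path resolution and a reminder that included secret files should not be readable by other users.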
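Review bot: In the second hunk, the comments for `key` and `client_secret` do not warn that the old form is still syntactically valid. With the semantics stated in the commit message ("no longer files, but strings"), a config carried over with `key: /run/keys/sproxy.secret` or `client_secret: "/run/keys/..."` would use the path text itself as the secret, which is easy to guess. Please add an explicit line in each comment block saying that a bare path is now taken literally and that `!include` is required to read from a file. Two smaller points: the removed sentence "Only the first line of this file is read" has no replacement, so the text should say how a trailing newline in the included file is treated; and the examples quote the path inconsistently (`!include /run/keys/XXXX...` versus `!include "/run/keys/xxxxxxxxxxxxxx"`), so pick one form.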