From b0c5ffbe1d2dbbf1f9c460be0b4f18500c50a90f Mon Sep 17 00:00:00 2001 From: Igor Pashev Date: Thu, 1 Dec 2016 22:32:09 +0300 Subject: BREAKING: Allow !include in config file This changes semantics of these options: - key - oauth2..client_secret They are no longer files, but strings. To read content from files, use !include. The point of being files or read from files is to segregate secrets from non-sensitive easily discoverable settings. With !include it is much more simple and flexible. --- sproxy.yml.example | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'sproxy.yml.example') diff --git a/sproxy.yml.example b/sproxy.yml.example index 1df82aa..a9cf9cc 100644 --- a/sproxy.yml.example +++ b/sproxy.yml.example @@ -1,5 +1,7 @@ --- # Sproxy configuration. Don't remove this line. This is YAML: https://en.wikipedia.org/wiki/YAML +# NOTE: You can use the !include directive to import parts of this file. + # Logging level: debug, info, warn, error. # Optional. Default is debug. # 
@@ -101,34 +103,32 @@ ssl_key: /path/key.pem # datafile: /path/data.yml -# A file with arbitrary content used to sign sproxy cookie and other things (secret!). +# Arbitrary string used to sign sproxy cookie and other things (secret!). # Optional. If not specified, a random key is generated on startup, and # as a consequence, restaring sproxy will invalidate existing user sessions. # This option could be useful for load-balancing with multiple sproxy instances, # when all instances must understand cookies created by each other. # This should not be very large, a few random bytes are fine. # -# key: /run/keys/sproxy.secret +# key: !include /run/keys/sproxy.secret # Credentials for supported OAuth2 providers. # Currently supported: "google", "linkedin" # At least one provider is required. # Attributes: -# client_id - OAuth2 client ID (string) -# client_secret - OAuth2 client secret. Regardless of its name, this is a file. -# The secret is read from the file which you should keep secret. -# Only the first line of this file is read. +# client_id - OAuth2 client ID. +# client_secret - OAuth2 client secret. # # Example: # oauth2: # google: # client_id: "XXXXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY.apps.googleusercontent.com" -# client_secret: "/run/keys/XXXXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY.apps.googleusercontent.com" +# client_secret: !include /run/keys/XXXXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY.apps.googleusercontent.com # # linkedin: # client_id: "xxxxxxxxxxxxxx" -# client_secret: "/run/keys/xxxxxxxxxxxxxx" +# client_secret: !include "/run/keys/xxxxxxxxxxxxxx" # # # oauth2: -- cgit v1.2.3
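Review bot: The rewritten comments for `key` and `client_secret` in this hunk never warn an upgrading operator that a bare path is now taken literally. An old `key: /run/keys/sproxy.secret` would apparently make the path string itself the cookie-signing secret, which is a guessable value, and nothing on this page shows sproxy rejecting that form. The example should carry the warning next to both options, e.g. `# WARNING: the value is the secret itself; a bare path is NOT read as a file, use !include.` The old "Only the first line of this file is read" note was also dropped without saying how an included file is interpreted (raw text or YAML, trailing newline kept or stripped), which matters when several instances must derive the same key; this is inferred from the comments, not from the loader code. Minor style point: the two `client_secret` examples differ in quoting (`!include /run/keys/...` vs `!include "/run/keys/xxxxxxxxxxxxxx"`), so pick one form.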