Add a big warning to secret_key now it's important
This commit is contained in:
parent
f55a00ecef
commit
1a7ffb4bff
@ -74,6 +74,14 @@ be provided to the containers from the first boot.
|
|||||||
* ``TAKAHE_SECRET_KEY`` must be a fixed, random value (it's used for internal
|
* ``TAKAHE_SECRET_KEY`` must be a fixed, random value (it's used for internal
|
||||||
cryptography). Don't change this unless you want to invalidate all sessions.
|
cryptography). Don't change this unless you want to invalidate all sessions.
|
||||||
|
|
||||||
|
.. warning::
|
||||||
|
|
||||||
|
You **must** keep the value of ``TAKAHE_SECRET_KEY`` unique and secret. Anyone
|
||||||
|
with this value can modify their session to impersonate any user, including
|
||||||
|
admins. It should be kept even more secure than your admin passwords, and
|
||||||
|
should be long, random and completely unguessable. We recommend that it is
|
||||||
|
at least 64 characters.
|
||||||
|
|
||||||
* ``TAKAHE_MEDIA_BACKEND`` must be a URI starting with ``local://``, ``s3://``
|
* ``TAKAHE_MEDIA_BACKEND`` must be a URI starting with ``local://``, ``s3://``
|
||||||
or ``gcs://``. See :ref:`media_configuration` below for more.
|
or ``gcs://``. See :ref:`media_configuration` below for more.
|
||||||
|
|
||||||
|
Reference in New Issue
Block a user