author: Alex <alex@adnab.me> 2023-02-06 14:18:58 +0000
committer: Alex <alex@adnab.me> 2023-02-06 14:18:58 +0000
commit: d14678e0ac4511156d651cd1f5bf05474e92b6bb
tree: d68053ff8b09592dfa30345027888235e90c6b67 /doc/book/reference-manual
parent: fba8224cf00f7c542150e48a88c22025ff03b948
parent: 80e232699825c5c512e8714e08b6a80992a06498
Merge pull request 'Secrets can be passed directly in config, as file, or as env' (#499) from config-files-env into main
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/garage/pulls/499
Diffstat (limited to 'doc/book/reference-manual')
-rw-r--r-- doc/book/reference-manual/configuration.md 40
1 files changed, 24 insertions, 16 deletions
diff --git a/doc/book/reference-manual/configuration.md b/doc/book/reference-manual/configuration.md
index 7a829836..38062bab 100644
--- a/doc/book/reference-manual/configuration.md
+++ b/doc/book/reference-manual/configuration.md
@@ -3,6 +3,8 @@ title = "Configuration file format"
weight = 20
+++
+## Full example
+
Here is an example `garage.toml` configuration file that illustrates all of the possible options:
```toml
@@ -259,17 +261,17 @@ Compression is done synchronously, setting a value too high will add latency to
This value can be different between nodes, compression is done by the node which receive the
API call.
-### `rpc_secret`
-
-Garage uses a secret key that is shared between all nodes of the cluster
-in order to identify these nodes and allow them to communicate together.
-This key should be specified here in the form of a 32-byte hex-encoded
-random string. Such a string can be generated with a command
-such as `openssl rand -hex 32`.
+### `rpc_secret`, `rpc_secret_file` or `GARAGE_RPC_SECRET` (env)
-### `rpc_secret_file`
+Garage uses a secret key, called an RPC secret, that is shared between all
+nodes of the cluster in order to identify these nodes and allow them to
+communicate together. The RPC secret is a 32-byte hex-encoded random string,
+which can be generated with a command such as `openssl rand -hex 32`.
-Like `rpc_secret` above, just that this is the path to a file that Garage will try to read the secret from.
+The RPC secret should be specified in the `rpc_secret` configuration variable.
+Since Garage `v0.8.2`, the RPC secret can also be stored in a file whose path is
+given in the configuration variable `rpc_secret_file`, or specified as an
+environment variable `GARAGE_RPC_SECRET`.
### `rpc_bind_addr`
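Review bot: The new `rpc_secret` section names three sources for the same secret (`rpc_secret`, `rpc_secret_file`, `GARAGE_RPC_SECRET`) but never says what happens when more than one is set: which one wins, or whether Garage refuses to start. Please add a sentence stating that behaviour so operators migrating from the inline value do not end up with a stale secret silently taking effect. Two smaller points in the same paragraph: "The RPC secret should be specified in the `rpc_secret` configuration variable" reads as a recommendation for the inline form, which is at odds with offering the file and environment alternatives, so "can be specified" would be more accurate; and since `rpc_secret_file` points at the cluster-wide shared key, the text should say what ownership and permissions the file is expected to have. The removed `rpc_secret_file` section said Garage "will try to read" the file; the replacement no longer hints at what happens when the file is missing or unreadable, which is worth one line.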
@@ -411,22 +413,28 @@ If specified, Garage will bind an HTTP server to this port and address, on
which it will listen to requests for administration features.
See [administration API reference](@/documentation/reference-manual/admin-api.md) to learn more about these features.
-### `metrics_token` (since version 0.7.2)
+### `metrics_token`, `metrics_token_file` or `GARAGE_METRICS_TOKEN` (env)
-The token for accessing the Metrics endpoint. If this token is not set in
-the config file, the Metrics endpoint can be accessed without access
-control.
+The token for accessing the Metrics endpoint. If this token is not set, the
+Metrics endpoint can be accessed without access control.
You can use any random string for this value. We recommend generating a random token with `openssl rand -hex 32`.
-### `admin_token` (since version 0.7.2)
+`metrics_token` was introduced in Garage `v0.7.2`.
+`metrics_token_file` and the `GARAGE_METRICS_TOKEN` environment variable are supported since Garage `v0.8.2`.
+
+
+### `admin_token`, `admin_token_file` or `GARAGE_ADMIN_TOKEN` (env)
The token for accessing all of the other administration endpoints. If this
-token is not set in the config file, access to these endpoints is disabled
-entirely.
+token is not set, access to these endpoints is disabled entirely.
You can use any random string for this value. We recommend generating a random token with `openssl rand -hex 32`.
+`admin_token` was introduced in Garage `v0.7.2`.
+`admin_token_file` and the `GARAGE_ADMIN_TOKEN` environment variable are supported since Garage `v0.8.2`.
+
+
### `trace_sink`
Optionally, the address of an OpenTelemetry collector. If specified,
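Review bot: In the `metrics_token` section, "If this token is not set, the Metrics endpoint can be accessed without access control" now covers three possible sources, so the document should state what "not set" means when `metrics_token_file` is configured but the file is missing, empty or unreadable, or when the `GARAGE_METRICS_TOKEN` variable is misspelled in a unit file. Because the metrics endpoint fails open while the `admin_token` section says the admin endpoints are disabled entirely, a broken file path is harmless for one and silently removes authentication for the other; please say explicitly whether an unreadable `*_file` is a startup error. As in the `rpc_secret` hunk, precedence between the config value, the `_file` variant and the environment variable is not documented for either token. Style: each of the two added version paragraphs is followed by two blank `+` lines where the rest of the file uses one, and the two version sentences sit on consecutive lines, so Markdown will join them into a single paragraph; that is fine if intended, otherwise separate them.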