author | Alex <alex@adnab.me> | 2023-02-06 14:18:58 +0000 |
---|---|---|
committer | Alex <alex@adnab.me> | 2023-02-06 14:18:58 +0000 |
commit | d14678e0ac4511156d651cd1f5bf05474e92b6bb (patch) | |
tree | d68053ff8b09592dfa30345027888235e90c6b67 /doc/book | |
parent | fba8224cf00f7c542150e48a88c22025ff03b948 (diff) | |
parent | 80e232699825c5c512e8714e08b6a80992a06498 (diff) | |
Merge pull request 'Secrets can be passed directly in config, as file, or as env' (#499) from config-files-env into main
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/garage/pulls/499
Diffstat (limited to 'doc/book')
-rw-r--r-- | doc/book/reference-manual/configuration.md | 40 |
1 files changed, 24 insertions, 16 deletions
diff --git a/doc/book/reference-manual/configuration.md b/doc/book/reference-manual/configuration.md index 7a829836..38062bab 100644 --- a/doc/book/reference-manual/configuration.md +++ b/doc/book/reference-manual/configuration.md @@ -3,6 +3,8 @@ title = "Configuration file format" weight = 20 +++ +## Full example + Here is an example `garage.toml` configuration file that illustrates all of the possible options: ```toml @@ -259,17 +261,17 @@ Compression is done synchronously, setting a value too high will add latency to This value can be different between nodes, compression is done by the node which receive the API call. -### `rpc_secret` - -Garage uses a secret key that is shared between all nodes of the cluster -in order to identify these nodes and allow them to communicate together. -This key should be specified here in the form of a 32-byte hex-encoded -random string. Such a string can be generated with a command -such as `openssl rand -hex 32`. +### `rpc_secret`, `rpc_secret_file` or `GARAGE_RPC_SECRET` (env) -### `rpc_secret_file` +Garage uses a secret key, called an RPC secret, that is shared between all +nodes of the cluster in order to identify these nodes and allow them to +communicate together. The RPC secret is a 32-byte hex-encoded random string, +which can be generated with a command such as `openssl rand -hex 32`. -Like `rpc_secret` above, just that this is the path to a file that Garage will try to read the secret from. +The RPC secret should be specified in the `rpc_secret` configuration variable. +Since Garage `v0.8.2`, the RPC secret can also be stored in a file whose path is +given in the configuration variable `rpc_secret_file`, or specified as an +environment variable `GARAGE_RPC_SECRET`. ### `rpc_bind_addr` 
@@ -411,22 +413,28 @@ If specified, Garage will bind an HTTP server to this port and address, on which it will listen to requests for administration features. See [administration API reference](@/documentation/reference-manual/admin-api.md) to learn more about these features. -### `metrics_token` (since version 0.7.2) +### `metrics_token`, `metrics_token_file` or `GARAGE_METRICS_TOKEN` (env) -The token for accessing the Metrics endpoint. If this token is not set in -the config file, the Metrics endpoint can be accessed without access -control. +The token for accessing the Metrics endpoint. If this token is not set, the +Metrics endpoint can be accessed without access control. You can use any random string for this value. We recommend generating a random token with `openssl rand -hex 32`. -### `admin_token` (since version 0.7.2) +`metrics_token` was introduced in Garage `v0.7.2`. +`metrics_token_file` and the `GARAGE_METRICS_TOKEN` environment variable are supported since Garage `v0.8.2`. + + +### `admin_token`, `admin_token_file` or `GARAGE_ADMIN_TOKEN` (env) The token for accessing all of the other administration endpoints. If this -token is not set in the config file, access to these endpoints is disabled -entirely. +token is not set, access to these endpoints is disabled entirely. You can use any random string for this value. We recommend generating a random token with `openssl rand -hex 32`. +`admin_token` was introduced in Garage `v0.7.2`. +`admin_token_file` and the `GARAGE_ADMIN_TOKEN` environment variable are supported since Garage `v0.8.2`. + + ### `trace_sink` Optionally, the address of an OpenTelemetry collector. If specified, |
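Review bot: In the `rpc_secret` hunk (`@@ -259,17 +261,17 @@`), the new section names three sources for the RPC secret but never says what happens when more than one of `rpc_secret`, `rpc_secret_file` and `GARAGE_RPC_SECRET` is set; please add a sentence stating the precedence, or that it is an error. The sentence "The RPC secret should be specified in the `rpc_secret` configuration variable" also reads as a recommendation to keep the secret inline in `garage.toml`, which sits oddly next to the file and environment forms the heading presents as equals; "can be specified" would match the heading. Since the point of `rpc_secret_file` is to keep the secret out of the main config, it is worth documenting the expected file content (hex string, whether a trailing newline is accepted) and that the file should be readable only by the user Garage runs as.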
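Review bot: In the `metrics_token` / `admin_token` hunk (`@@ -411,22 +413,28 @@`), "If this token is not set" now covers three sources, but the text does not say whether a `metrics_token_file` that is missing or unreadable counts as "not set". That matters here because the same paragraph says an unset metrics token leaves the Metrics endpoint open without access control, so a wrong path could silently disable authentication if it is treated as unset. Please state the behaviour for a missing file and for an empty `GARAGE_METRICS_TOKEN` or `GARAGE_ADMIN_TOKEN`, and the precedence when both the config value and the file or env form are given. Minor style point: each of the two version paragraphs is followed by two added blank lines before the next `###` heading, where the rest of the file uses one.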