Store Mediawiki secret key in Docker etc.

Closes #7

.envrc.sample

@@ -10,6 +10,7 @@ export MEDIAWIKI_EMAIL_FROM="wiki@wiki.example.com"
 
 export DB_ROOT_PASSWORD_VERSION=v1
 export DB_PASSWORD_VERSION=v1
+export MEDIAWIKI_SECRET_KEY_VERSION=v1
 export LOCAL_SETTINGS_CONF_VERSION=v1
 export HTACCESS_CONF_VERSION=v1
 export ENTRYPOINT_CONF_VERSION=v1

LocalSettings.php.tmpl

@@ -97,7 +97,7 @@ $wgShellLocale = "C.UTF-8";
 # Site language code, should be one of the list in ./languages/data/Names.php
 $wgLanguageCode = "en";
 
-$wgSecretKey = "8a83180cd66683c2a379882211187d6f79a1d40749b962598148f67893ff10cf";
+$wgSecretKey = rtrim(file_get_contents('/run/secrets/mediawiki_secret_key'));
 
 # Changing this will log out all existing sessions.
 $wgAuthenticationTokenVersion = "1";

README.md

@@ -13,9 +13,10 @@ Based on [`mediawiki-ve-bundle`][mediawiki-ve].
    your Docker swarm box
 4. `direnv allow` (or `. .envrc`)
 5. `abra secret_generate db_password v1 && abra secret_generate db_root_password v2`
-6. `abra deploy`
-7. `abra service_run mediawiki /bin/bash` to open a shell
-8. `php /var/www/html/maintenance/createAndPromote.php YourUsername YourPassword`
+7. `abra secret_generate mediawiki_secret_key "pwgen -n 64 1"`
+8. `abra deploy`
+9. `abra service_run mediawiki /bin/bash` to open a shell
+10. `php /var/www/html/maintenance/createAndPromote.php YourUsername YourPassword`
 
 ## License
 

compose.yml

@@ -46,6 +46,7 @@ services:
       - mariadb
     secrets:
       - db_password
+      - mediawiki_secret_key
     networks:
       - proxy
       - internal
@@ -77,6 +78,9 @@ secrets:
   db_password:
     name: ${STACK_NAME}_db_password_${DB_PASSWORD_VERSION}
     external: true
+  mediawiki_secret_key:
+    name: ${STACK_NAME}_mediawiki_secret_key_${MEDIAWIKI_SECRET_KEY_VERSION}
+    external: true
 
 configs:
   LocalSettings_conf: