From 29f85f332341b32e78c6ace5ba0541f8878fb792 Mon Sep 17 00:00:00 2001 From: Apfelwurm Date: Fri, 21 Mar 2025 11:24:50 +0000 Subject: [PATCH] add secret generation characters modifier to maintainers handbook (#271) This is the documentation part for the secret generation characters modifier addition to abra ( https://git.coopcloud.tech/toolshed/abra/pulls/521) It might get updated or deleted depending on the outcome of the features PR. Reviewed-on: https://git.coopcloud.tech/toolshed/docs.coopcloud.tech/pulls/271 Co-authored-by: Apfelwurm Co-committed-by: Apfelwurm --- docs/maintainers/handbook.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/docs/maintainers/handbook.md b/docs/maintainers/handbook.md index 8202c5242..3bf68a9d9 100644 --- a/docs/maintainers/handbook.md +++ b/docs/maintainers/handbook.md @@ -533,6 +533,32 @@ word" style generator but instead a string of characters to match the exact length. This can be useful if you have to generate "key" style values instead of passwords which admins have to type out in database shells. +## How do I change secret generation characters? + +It is also possible to tell `abra` which characters it should use to generate secrets with from your recipe config. + +You do this by adding an additional modifier in the inline comment on the secret definition in the `.env.sample` / `.env` file. + +Here are some examples: + +```bash +SECRET_ADMIN_INIT_PASSWORD_VERSION=v1 # length=64 charset=default,safespecial +SECRET_SERVICE_PASSWORD_VERSION=v1 # length=64 charset=default,special +``` + +The possible Values are: + +| Value | Characters | Description | +| -------------------------------------------- | ----------------------------------------------------------------------- | ----------------------------------------------------------------------------------------- | +| `special` | `!@#$%^&*_-+=` | Uses only Special Characters | +| `safespecial` | `!@#%^&*_-+=` | Uses only Special Characters, but removes the dollar sign for Console safety | +| `default,special` | `abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!@#$%^&*_-+=` | Uses uppercase letters, lowercase letters and numbers and special characters | +| `default,safespecial` | `abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!@#%^&*_-+=` | Uses uppercase letters, lowercase letters and numbers and console safe special characters | +| `default` | `abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789` | Uses uppercase letters, lowercase letters and numbers | +| any other value or not setting one will be treated as `default` | `abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789` | Uses uppercase letters, lowercase letters and numbers | + +The setting does only apply when you also set a length modifier to the secret (documented [here](/maintainers/handbook/#how-do-i-change-secret-generation-length)), so it is not applicable for the "easy to remember word" style generator that used when you don't set a length. + ## How are recipes added to the catalogue? > This is so far a manual process which requires someone who's been added to the