NAME
gotd-secrets.conf
—
gotd secrets file
DESCRIPTION
gotd-secrets.conf
contains authentication
credentials for use with gotd(8) notifications. This file must be owned by the root user and
must not be readable by any other users.
The file format is line-based, with one entry per line. Comments can appear at the start of a line using a hash mark (‘#’), and extend to the end of the line. Empty lines are ignored.
Each entry consists of whitespace-separated tokens and defines a set of credentials. Any credential parameters containing whitespace should be surrounded by single or double quotes.
Each set of credentials must be given a label which can be used to refer to credentials in gotd.conf(5). This label must be unique among all credentials of the same type.
The supported credential types and their parameters are:
auth
labeluser
userpassword
password- The
auth
type represents HTTP Basic Authentication credentials consisting of a user and a password. hmac
label secret- The
hmac
type represents shared secrets for use with HMAC signatures of HTTP request bodies. A suitable secret can be generated with openssl(1) as follows:$ openssl rand -base64 32
FILES
- /etc/gotd-secrets.conf
- Location of the
gotd-secrets.conf
configuration file.
EXAMPLES
Define credentials for HTTP basic authentication and HMAC signatures:
# /etc/gotd-secrets.conf auth mochi user "flan" password "super-strong-password!" hmac hacker q0tcl8QhjYs7U75MW/2rwB30CpdbAhONkfLGxFHm/+8=
These credentials can be referenced in gotd.conf(5) as follows:
# /etc/gotd.conf repository "openbsd/src" { path "/var/git/src.git" permit rw :hackers notify { url https://example.com/ci/ auth mochi hmac hacker } }