NAME¶

gotd-secrets.conf — gotd secrets file

DESCRIPTION¶

gotd-secrets.conf contains authentication credentials for use with gotd(8) notifications. This file must be owned by the root user and must not be readable by any other users.

The file format is line-based, with one entry per line. Comments can appear at the start of a line using a hash mark (‘#’), and extend to the end of the line. Empty lines are ignored.

Each entry consists of whitespace-separated tokens and defines a set of credentials. Any credential parameters containing whitespace should be surrounded by single or double quotes.

Each set of credentials must be given a label which can be used to refer to credentials in gotd.conf(5). This label must be unique among all credentials of the same type.

The supported credential types and their parameters are:

auth label user user password password

The auth type represents HTTP Basic Authentication credentials consisting of a user and a password.

hmac label secret

The hmac type represents shared secrets for use with HMAC signatures of HTTP request bodies. A suitable secret can be generated with openssl(1) as follows:

$ openssl rand -base64 32

FILES¶

/etc/gotd-secrets.conf

Location of the gotd-secrets.conf configuration file.

EXAMPLES¶

Define credentials for HTTP basic authentication and HMAC signatures:

# /etc/gotd-secrets.conf
auth mochi user "flan" password "super-strong-password!"
hmac hacker q0tcl8QhjYs7U75MW/2rwB30CpdbAhONkfLGxFHm/+8=

These credentials can be referenced in gotd.conf(5) as follows:

# /etc/gotd.conf
repository "openbsd/src" {
	path "/var/git/src.git"
	permit rw :hackers

	notify {
		url https://example.com/ci/ auth mochi hmac hacker
	}
}

SEE ALSO¶

got(1), gotsh(1), gotd.conf(5), gotd(8)