From 4de6640c0d61a3c36a606eac01a8c2df8e212b03 Mon Sep 17 00:00:00 2001
From: Francois Kritzinger <francois@codesynthesis.com>
Date: Fri, 10 Jan 2025 14:41:50 +0200
Subject: ci-github: Store webhook secret in a file

Keep secrets out of the configuration file for the sake of security.
---
 etc/brep-module.conf | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'etc/brep-module.conf')

diff --git a/etc/brep-module.conf b/etc/brep-module.conf
index fd6ba67..cdf028a 100644
--- a/etc/brep-module.conf
+++ b/etc/brep-module.conf
@@ -454,13 +454,15 @@ menu About=?about
 
 
 # The GitHub App's configured webhook secret. If not set, then the GitHub CI
-# service is disabled. Note: make sure to choose a strong (random) secret.
+# service is disabled. Note that the path must be absolute. Note: make sure to
+# choose a strong (random) secret.
 #
-# ci-github-app-webhook-secret
+# ci-github-app-webhook-secret <path>
 
 
 # The private key used during GitHub API authentication for the specified
-# GitHub App ID. Both vales are found in the GitHub App's settings.
+# GitHub App ID. Both vales are found in the GitHub App's settings. Note that
+# the paths must be absolute.
 #
 # ci-github-app-id-private-key <id>=<path>
 
-- 
cgit v1.1