From d11504093c0dff22e5371fada9037e6436abf628 Mon Sep 17 00:00:00 2001 From: Mohammed Anas Date: Thu, 29 Jul 2021 17:10:56 +0000 Subject: [PATCH] Make it clear in README that backing up secret.txt is ok --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 7484da4..9e825fb 100644 --- a/README.md +++ b/README.md @@ -109,9 +109,10 @@ The default configuration creates a file “`secret.txt`” in the project’s base directory, which is used as the value of the Django `SECRET_KEY` setting. You can revoke this key by deleting the `secret.txt` file and the next time the app is run, a new one will be generated. Make sure you keep -the `secret.txt` file secret (don’t accidentally commit it to version -control, exclude it from your backups, etc.). If you want to change to a -more secure system for storing secrets, edit `etesync_server/settings.py` +the `secret.txt` file secret (e.g. don’t accidentally commit it to version +control). However, backing it up is okay, and it makes it easier to restore +the database to a new EteSync server, but it's not essential. If you want to +change to a more secure system for storing secrets, edit `etesync_server/settings.py` and implement your own method for setting `SECRET_KEY` (remove the line where it uses the `get_secret_from_file` function). Read the Django docs for more information about the `SECRET_KEY` and its uses.