From f3a98eb692690950eb2a3f8d3407c3e07523161d Mon Sep 17 00:00:00 2001 From: Jay Linski Date: Fri, 7 May 2021 23:40:54 +0200 Subject: [PATCH] Emphasize importance of using a custom SECRET_KEY (#931) This project provides a default SECRET_KEY for signing session-cookies: https://flask.palletsprojects.com/en/1.1.x/config/#SECRET_KEY By using the default SECRET_KEY, everyone will be able to create valid session-cookies. So users should be aware that it is very important to set a custom SECRET_KEY. --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6e97af1..67f5e2e 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,7 @@ To get started as quickly as possible try option 1. If you want to make modifica The easiest is to just run the latest Docker image from Docker Hub: ``` $ docker run -d \ + -e SECRET_KEY='a-very-secret-key' \ -v pda-data:/data \ -p 9191:80 \ ngoduykhanh/powerdns-admin:latest @@ -39,10 +40,11 @@ $ docker run -d \ This creates a volume called `pda-data` to persist the SQLite database with the configuration. #### Option 2: Using docker-compose -1. Update the configuration +1. Update the configuration Edit the `docker-compose.yml` file to update the database connection string in `SQLALCHEMY_DATABASE_URI`. Other environment variables are mentioned in the [legal_envvars](https://github.com/ngoduykhanh/PowerDNS-Admin/blob/master/configs/docker_config.py#L5-L46). - To use the Docker secrets feature it is possible to append `_FILE` to the environment variables and point to a file with the values stored in it. + To use the Docker secrets feature it is possible to append `_FILE` to the environment variables and point to a file with the values stored in it. + Make sure to set the environment variable `SECRET_KEY` to a long random string (https://flask.palletsprojects.com/en/1.1.x/config/#SECRET_KEY) 2. Start docker container ```