You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/06-concepts/07-configuration.md
+58-19Lines changed: 58 additions & 19 deletions
Original file line number
Diff line number
Diff line change
@@ -73,29 +73,77 @@ These can be separately declared for each run mode in the corresponding yaml fil
73
73
74
74
Secrets are declared in the `passwords.yaml` file. The password file is structured with a common `shared` section, any secret put here will be used in all run modes. The other sections are the names of the run modes followed by respective key/value pairs.
75
75
76
+
You can define your own custom secrets in the [passwords file](#passwords-file-example) by adding them to either the `shared` section (to make them available in all run modes) or to specific run mode sections. These custom secrets will be available in your code through the `Session.passwords` map.
77
+
78
+
#### Built-in Secrets
79
+
80
+
The following table shows the built-in secrets that Serverpod uses for its core functionality. These can be configured either through environment variables or by adding the corresponding key in a respective run mode or shared section in the passwords file. These are separate from any custom passwords you might define.
| SERVERPOD_HMAC_ACCESS_KEY_ID | HMACAccessKeyId | - | The access key ID for HMAC authentication for serverpod_cloud_storage_gcp |
98
+
| SERVERPOD_HMAC_SECRET_KEY | HMACSecretKey | - | The secret key for HMAC authentication for serverpod_cloud_storage_gcp |
99
+
| SERVERPOD_AWS_ACCESS_KEY_ID | AWSAccessKeyId | - | The access key ID for AWS authentication for serverpod_cloud_storage_s3 |
100
+
| SERVERPOD_AWS_SECRET_KEY | AWSSecretKey | - | The secret key for AWS authentication for serverpod_cloud_storage_s3 |
101
+
82
102
### Custom Passwords
83
103
84
-
In addition to the predefined secrets above, you can define custom passwords using environment variables with the `SERVERPOD_PASSWORD_` prefix. For example, `SERVERPOD_PASSWORD_myApiKey` will be available in your code as `myApiKey` (the prefix is stripped) through the `Session.passwords` map. These environment variables will override any passwords defined in the [passwords file](#passwords-file-example) if the name (after stripping the prefix) matches. Like the `shared` section in the passwords file, these environment variables are available in all run modes.
104
+
You can define custom passwords in two ways:
105
+
106
+
#### 1. Via Passwords File
107
+
108
+
Add your custom secrets directly to the passwords file under the `shared` section (available in all run modes) or under specific run mode sections:
109
+
110
+
```yaml
111
+
shared:
112
+
myCustomSharedSecret: 'secret_key'
113
+
stripeApiKey: 'sk_test_123...'
114
+
115
+
development:
116
+
database: 'development_password'
117
+
redis: 'development_password'
118
+
serviceSecret: 'development_service_secret'
119
+
twilioApiKey: 'dev_twilio_key'
120
+
121
+
production:
122
+
database: 'production_password'
123
+
redis: 'production_password'
124
+
serviceSecret: 'production_service_secret'
125
+
twilioApiKey: 'prod_twilio_key'
126
+
```
127
+
128
+
#### 2. Via Environment Variables
129
+
130
+
You can also define custom passwords using environment variables with the `SERVERPOD_PASSWORD_` prefix. For example, `SERVERPOD_PASSWORD_myApiKey` will be available as `myApiKey` (the prefix is stripped). These environment variables will override any passwords defined in the passwords file if the name (after stripping the prefix) matches. Like the `shared` section in the passwords file, these environment variables are available in all run modes.
| SERVERPOD_PASSWORD\_\*| Custom password that will be available in the Session.passwords map. The prefix `SERVERPOD_PASSWORD_`prefix will be stripped from the key name. |
| SERVERPOD_PASSWORD\_\* | Custom password that will be available in the Session.passwords map. The prefix `SERVERPOD_PASSWORD_` will be stripped from the key name. |
89
135
90
-
#### Example
136
+
**Example:**
91
137
92
-
To define a custom password through an environment variable, set it as an environment variable with the prefix:
138
+
To define a custom password through an environment variable:
You can then access any custom password (whether defined in the passwords file or via environment variables) in your endpoint code through the `Session.passwords` map:
| SERVERPOD_HMAC_ACCESS_KEY_ID | HMACAccessKeyId | - | The access key ID for HMAC authentication for serverpod_cloud_storage_gcp |
116
-
| SERVERPOD_HMAC_SECRET_KEY | HMACSecretKey | - | The secret key for HMAC authentication for serverpod_cloud_storage_gcp |
117
-
| SERVERPOD_AWS_ACCESS_KEY_ID | AWSAccessKeyId | - | The access key ID for AWS authentication for serverpod_cloud_storage_s3 |
118
-
| SERVERPOD_AWS_SECRET_KEY | AWSSecretKey | - | The secret key for AWS authentication for serverpod_cloud_storage_s3 |
119
-
120
156
### Config file example
121
157
122
158
The config file should be named after the run mode you start the server in and it needs to be placed inside the `config` directory in the root of the server project. As an example, you have the `config/development.yaml` that will be used when running in the `development` run mode.
@@ -172,16 +208,19 @@ The password file contains the secrets used by the server to connect to differen
0 commit comments