commit - ae0afea04d6a3be933880828cf2a4eb2b4c2b18e
commit + 3a832b52c3b15cb85a1ffa9c1b889ec2cac88b54
blob - 54878c9402ad6203ea5e8dd27dea510086c07f1e
blob + 1a330f268fc8aa4dd56068850e152e343160c97e
--- gotd/gotd.conf.5
+++ gotd/gotd.conf.5
@@ -350,6 +350,9 @@ no TLS errors occur.
 The optional
 .Ic auth
 directive enables HTTP Basic authentication.
+Authentication credentials must be specified in the separate
+.Xr gotd-secrets.conf 5
+file.
 Unless the
 .Ic insecure
 option is specified the notification target
@@ -360,21 +363,16 @@ URL to avoid leaking of authentication credentials.
 .Pp
 If a
 .Ic hmac
-.Ar label
-is provided, the request body will be signed using HMAC, allowing the
+secret is provided, the request body will be signed using HMAC, allowing the
 receiver to verify the notification message's authenticity and integrity.
+The HMAC secret to use must be specified in the separate
+.Xr gotd-secrets.conf 5
+file, using the
+.Ar label
+as identifier.
 The signature uses HMAC-SHA256 and will be sent in the HTTP header
 .Dq X-Gotd-Signature .
 .Pp
-If provided,
-the authentication data
-.Ar auth
-and the HMAC secret
-.Ar label
-are resolved using the
-.Xr gotd-secrets.conf 5
-file.
-.Pp
 The request body contains a JSON object with a
 .Dq notifications
 property containing an array of notification objects.