commit 38b2f36751671284d30e77bfde33813354caaf48 from: Stefan Sperling via: Thomas Adam date: Tue Sep 10 14:11:00 2024 UTC in gotd.8, mention the need for gotd-secrets.conf more clearly commit - 462f16118e8719ceef7aee8d275f859f9d0e84a8 commit + 38b2f36751671284d30e77bfde33813354caaf48 blob - 54878c9402ad6203ea5e8dd27dea510086c07f1e blob + 1a330f268fc8aa4dd56068850e152e343160c97e --- gotd/gotd.conf.5 +++ gotd/gotd.conf.5 @@ -350,6 +350,9 @@ no TLS errors occur. The optional .Ic auth directive enables HTTP Basic authentication. +Authentication credentials must be specified in the separate +.Xr gotd-secrets.conf 5 +file. Unless the .Ic insecure option is specified the notification target @@ -360,21 +363,16 @@ URL to avoid leaking of authentication credentials. .Pp If a .Ic hmac -.Ar label -is provided, the request body will be signed using HMAC, allowing the +secret is provided, the request body will be signed using HMAC, allowing the receiver to verify the notification message's authenticity and integrity. +The HMAC secret to use must be specified in the separate +.Xr gotd-secrets.conf 5 +file, using the +.Ar label +as identifier. The signature uses HMAC-SHA256 and will be sent in the HTTP header .Dq X-Gotd-Signature . .Pp -If provided, -the authentication data -.Ar auth -and the HMAC secret -.Ar label -are resolved using the -.Xr gotd-secrets.conf 5 -file. -.Pp The request body contains a JSON object with a .Dq notifications property containing an array of notification objects.
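Review bot: In the first hunk (gotd/gotd.conf.5, after the ".Ic auth" description), the added sentence says the credentials live in gotd-secrets.conf(5) but not how the directive's argument selects them, whereas the hmac paragraph in the next hunk spells out that the label is the identifier. The paragraph removed further down was the only place that said ".Ar auth" is resolved through gotd-secrets.conf, so that link is now lost for auth. If auth is looked up by label in the same way, suggest mirroring the hmac wording here, for example by ending the sentence with "file, using the .Ar label as identifier." Separately, the subject line names gotd.8 while the only file touched is gotd/gotd.conf.5.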
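Review bot: In the second hunk, the rewritten opening "If a .Ic hmac secret is provided" drops the ".Ar label" argument, so the later "using the .Ar label as identifier" refers to a label this paragraph never introduced. The phrase "secret is provided" can also be read as the secret itself being written in gotd.conf, which the next added sentence contradicts. Suggest keeping ".Ic hmac" followed by ".Ar label" in the opening clause and then stating that the label names a secret stored in gotd-secrets.conf(5), so the reader is never led to put the HMAC key in the main configuration file.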