From: Tom Clegg Date: Tue, 8 Dec 2020 16:02:19 +0000 (-0500) Subject: 17151: Merge branch 'master' X-Git-Tag: 2.2.0~174^2 X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/80a90301263f46ebb7b26297093763882f2cf582 17151: Merge branch 'master' Arvados-DCO-1.1-Signed-off-by: Tom Clegg --- 80a90301263f46ebb7b26297093763882f2cf582 diff --cc doc/install/install-api-server.html.textile.liquid index 2893111e35,c7303bbba2..ca55be53e3 --- a/doc/install/install-api-server.html.textile.liquid +++ b/doc/install/install-api-server.html.textile.liquid @@@ -48,21 -48,23 +48,20 @@@ h3. Token

    SystemRootToken: "$system_root_token"
      ManagementToken: "$management_token"
 -    API:
 -      RailsSessionSecretToken: "$rails_secret_token"
      Collections:
-       BlobSigningKey: "blob_signing_key"
+       BlobSigningKey: "$blob_signing_key"

- @SystemRootToken@ is used by Arvados system services to authenticate as the system (root) user when communicating with the API server. + These secret tokens are used to authenticate messages between Arvados components. + * @SystemRootToken@ is used by Arvados system services to authenticate as the system (root) user when communicating with the API server. + * @ManagementToken@ is used to authenticate access to system metrics. -* @API.RailsSessionSecretToken@ is used to sign session cookies. + * @Collections.BlobSigningKey@ is used to control access to Keep blocks. - @ManagementToken@ is used to authenticate access to system metrics. - - @Collections.BlobSigningKey@ is used to control access to Keep blocks. - - You can generate a random token for each of these items at the command line like this: + Each token should be a string of at least 50 alphanumeric characters. You can generate a suitable token with the following command: -

~$ tr -dc 0-9a-zA-Z </dev/urandom | head -c50; echo
+ ~$ tr -dc 0-9a-zA-Z </dev/urandom | head -c50 ; echo