From: Omar Polo
Subject: RFC: secrets for gotd
To: gameoftrees@openbsd.org
Date: Sun, 25 Aug 2024 19:46:01 +0200

Currently gotd.conf holds some sensitive data for http notifications in plain text. Furthermore gotd.conf has to be world-readable to not break gotsh(1).

So, here's a proposal to break out the secrets into a separate config file which can (and must) be owned by root and not world-readable. When parsing the files for gotsh(1) or similar purposes we can skip the "include".

It's mostly about syntax and taste, hence an RFC instead of a diff. Let's bikeshed a bit and once we reach a consensus I'll start working on it.

While here I couldn't help but also try to move "insecure" before "url", because otherwise I would read it as "insecure auth", which could also be fine, or "insecure hmac" which is... curious :)

# /etc/gotd.secrets.conf
auth "xyz" {
	username "flan"
	password "flan123!"
}

hmac "abc" {
	secret "o0wgEB5QyRRKUwHlobeVX1JguCvkTBBohhQnINbxaOs="
}

# /etc/gotd.conf
include secret "/etc/gotd.secrets.conf"	# root-owned; skipped by gotsh

repository "src.git" {
	path "/var/git/src.git"
	permit rw :developers
	permit ro anonymous

	notify {
		branch "main"
		insecure url "http://some.other.host:8080/foo" auth "xyz"
		# or
		insecure url "http://..." hmac "abc"
		# or even both
	}
}

Using for `url "..." auth' an undefined label or an hmac value will produce an error. Likewise for `url "..." hmac'.

Opinions?
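The two rules the RFC states (a notify `auth`/`hmac` reference must name a label of that kind in the secrets file, and the secrets file must be root-owned and not world-readable) are modelled below in a small Python validator added here; it is not gotd's code. The regex-based parsing, the function names and the sample configs are assumptions of this example, and it covers only the subset of the proposed syntax shown in the mail.

```python
import os
import re
import stat

# Constructed samples in the proposed syntax (not real credentials).
SECRETS_CONF = '''
auth "xyz" {
        username "flan"
        password "flan123!"
}
hmac "abc" {
        secret "o0wgEB5QyRRKUwHlobeVX1JguCvkTBBohhQnINbxaOs="
}
'''
GOTD_CONF = '''
include secret "/etc/gotd.secrets.conf"
repository "src.git" {
        notify {
                branch "main"
                insecure url "http://some.other.host:8080/foo" auth "xyz"
                url "https://hooks.example" hmac "abc"
        }
}
'''
BLOCK = re.compile(r'(auth|hmac)\s+"([^"]+)"\s*\{[^}]*\}')
REF = re.compile(r'\burl\s+"[^"]*"\s+(auth|hmac)\s+"([^"]+)"')

def parse_secrets(text):
    """Map label -> block kind ("auth" or "hmac"); the secret values are not
    needed for validation. Text outside auth/hmac blocks is a syntax error."""
    body = re.sub(r"#.*", "", text)  # strip comments
    labels = {}
    for kind, label in BLOCK.findall(body):
        if label in labels:
            raise ValueError(f"duplicate label {label!r}")
        labels[label] = kind
    if BLOCK.sub("", body).strip():
        raise ValueError("unexpected text outside auth/hmac blocks")
    return labels

def check_refs(labels, conf):
    """Return an error string for each `url ... auth/hmac "x"` in conf whose
    label is undefined or of the other kind; an empty list means consistent."""
    errors = []
    for kind, label in REF.findall(re.sub(r"#.*", "", conf)):
        found = labels.get(label)
        if found is None:
            errors.append(f"{kind} {label!r}: undefined label")
        elif found != kind:
            errors.append(f"{kind} {label!r}: label refers to an {found} block")
    return errors

def secrets_file_ok(path):
    """True if path is owned by root and has no group/other permission bits."""
    st = os.stat(path)
    return st.st_uid == 0 and not (st.st_mode & (stat.S_IRWXG | stat.S_IRWXO))
```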