From f62344049aa31fc9576611b9450c06a22382c034 Mon Sep 17 00:00:00 2001 From: Joey Hafner Date: Fri, 15 Dec 2023 11:48:44 -0800 Subject: [PATCH] #110 Init Secrets.md Update DDClient readme for new hostname --- homelab/docs/Secrets.md | 15 +++++++++++++++ homelab/fighter/config/ddns/README.md | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 homelab/docs/Secrets.md diff --git a/homelab/docs/Secrets.md b/homelab/docs/Secrets.md new file mode 100644 index 00000000..7bb6ad9c --- /dev/null +++ b/homelab/docs/Secrets.md @@ -0,0 +1,15 @@ +# Secrets +Our repository contains as many configuration details as reasonable. But we must secure our secrets: passwords, API keys, encryption seeds, etc.. + +## Docker Env Vars +1. We store our Docker env vars in a file named after the service. For example `keycloak.env`. +2. We separate our secrets from non-secret env vars by placing them in a file with a similar name, but with `_secrets` appended to the service name. For example `keycloak_secrets.env`. These files exist only on the host for which they are necessary, and must be created manually on the host. +3. Our repository `.gitignore` excludes all files matching `*.secret`, and `*_secrets.env`. + +Note: This makes secrets very fragile. Accidental deletion or other data loss can destroy the secret permanently. + +## Generating Secrets +We use the password manager's generator to create secrets with the desired parameters, preferring the following parameters: + - 64 characters + - Capital letters, lowercase letters, numbers, and standard symbols (`^*@#!&$%`) +If necessary, we will reduce characterset by cutting out symbols before reducing string length. diff --git a/homelab/fighter/config/ddns/README.md b/homelab/fighter/config/ddns/README.md index a36966a2..31bfa695 100644 --- a/homelab/fighter/config/ddns/README.md +++ b/homelab/fighter/config/ddns/README.md 
@@ -6,7 +6,7 @@ Our credentials are stored in `ddclient_secrets.env`, which is git-ignored. Addi So we generate the config file when it must be updated. To update the file, we can run the following command: ```bash -cd ~/homelab/jafner-net/config/ddns/ && \ +cd ~/homelab/fighter/config/ddns/ && \ export $(cat ddclient_secrets.env | xargs) && \ envsubst < ./ddclient/ddclient.template > ./ddclient/ddclient.conf && \ unset $(grep -v '^#' ddclient_secrets.env | sed -E 's/(.*)=.*/\1/' | xargs) && \
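Review bot: in the new `homelab/docs/Secrets.md` hunk, the paragraph `Note: This makes secrets very fragile.` names the problem (the `_secrets.env` file on the host is the only copy of each secret) but the document never says what to do about it. Since the `## Generating Secrets` section already relies on the password manager's generator, state explicitly that the generated value is saved in the password manager first and that the host-side `*_secrets.env` file is only a copy, so losing the host file is recoverable rather than permanent. Two smaller points on the same hunk: item 3 says `.gitignore` excludes `*.secret` as well as `*_secrets.env`, but no `*.secret` convention is described anywhere in this file, so either document when `*.secret` files are created or drop the mention; and it is worth telling the reader how to confirm a new secrets file is actually ignored before they commit, for example `git check-ignore -v homelab/fighter/config/ddns/ddclient_secrets.env`, which prints the matching pattern or nothing if the file would be tracked. Typo: `etc..` in the first paragraph has a doubled period.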
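Review bot: the path correction to `~/homelab/fighter/config/ddns/` is fine, but the surrounding command still loads the credentials with `export $(cat ddclient_secrets.env | xargs)`, and the output of that command substitution undergoes word splitting and pathname expansion. A value containing `*` (which the generator policy added in `Secrets.md` by this same patch allows, since `*` is in its standard symbol set) can be replaced by matching filenames in the current directory, silently corrupting the rendered `ddclient.conf`; the `unset $(grep -v '^#' ddclient_secrets.env | sed -E 's/(.*)=.*/\1/' | xargs)` step expands the same way. Suggest running the export and the `envsubst` in a subshell with globbing disabled, e.g. `( set -f; export $(grep -v '^#' ddclient_secrets.env | xargs); envsubst < ./ddclient/ddclient.template > ./ddclient/ddclient.conf )`: the secrets never enter the interactive shell's environment, so the `unset` line becomes unnecessary, and comment lines are skipped on the way in as well as on the way out. The README should also say that, because `xargs` interprets quotes and backslashes, values in `ddclient_secrets.env` must not contain them.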