Possible value for secrets.peertube in production.yaml


In the production.yaml file, I see that we can generate the value for secrets.peertube using this command:

openssl rand -hex 32

I just wanted to know if there are some kind of constraints regarding the content of the string. For the Yunohost package, we’d like to ensure whether a string of 24 alphanum characters (mixing upper and lower case) randomly generated can be accepted by the system. Or has it to be an hexadecimal string only?

FWIW, here is the algorithm used to generate the random string for Yunohost:


I don’t think we have constraints on secrets. We use scrypt on the secret to generate an encrypted secret to the appropriate byte size. This encrypted secret will be used as a key for a symmetric encryption (OTP secret in database).

1 Like

For the record, in an Ansible playbook I used this value:
{{ lookup('password', peertube__config_secrets_peertube_path + ' length=64 chars=digits,a,b,c,d,e,f') }}

I used this because i didn’t know if I could have used other characters. And I didn’t find an obvious response looking at the Peertube code.