There are four configurable secrets, and they are listed in the cheat sheet.
But they are not properly documented - I am unsure what each is used for.
-
INTERNAL_TOKEN: “Secret used to validate communication within Gitea binary.”
I’m not a go dev, so it’s not obvious to me what that means. Should I set this to a custom value in myapp.ini? -
JWT_SECRET: “OAuth2 authentication secret for access and refresh tokens…”
I’m using username/password auth, so I assume I can ignore this? -
LFS_JWT_SECRET: “LFS authentication secret, change this a unique string”
I’m using git lfs, but not oauth. Should I still set this? -
SECRET_KEY: “Global secret key. This key is VERY IMPORTANT, if you lost it, the data encrypted by it (like 2FA secret) can’t be decrypted anymore”
I don’t use oauth or 2fa. Should I still set this? (What other data does it encrypt?)
Thanks for your help!