You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: doc/sphinx-guides/source/installation/config.rst
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -3308,23 +3308,23 @@ Can also be set via *MicroProfile Config API* sources, e.g. the environment vari
3308
3308
3309
3309
**Note:** This setting was previously called `dataverse.personOrOrg.orgPhraseArray` and expected a JsonArray of strings. Please update both the name and value format if using the old setting.
3310
3310
3311
-
.. _dataverse.api.signature-secret:
3311
+
.. _dataverse.api.signing-secret:
3312
3312
3313
-
dataverse.api.signature-secret
3313
+
dataverse.api.signing-secret
3314
3314
++++++++++++++++++++++++++++++
3315
3315
3316
3316
Context: Dataverse has the ability to create "Signed URLs" for it's API calls. Using a signed URLs is more secure than
3317
3317
providing API tokens, which are long-lived and give the holder all of the permissions of the user. In contrast, signed URLs
3318
3318
are time limited and only allow the action of the API call in the URL. See :ref:`api-exttools-auth` and
3319
3319
:ref:`api-native-signed-url` for more details.
3320
3320
3321
-
The key used to sign a URL is created from the API token of the creating user plus a signature-secret provided by an administrator.
3322
-
**Using a signature-secret is highly recommended.** This setting defaults to an empty string. Using a non-empty
3323
-
signature-secret makes it impossible for someone who knows an API token from forging signed URLs and provides extra security by
3321
+
The key used to sign a URL is created from the API token of the creating user plus a signing-secret provided by an administrator.
3322
+
**Using a signing-secret is highly recommended.** This setting defaults to an empty string. Using a non-empty
3323
+
signing-secret makes it impossible for someone who knows an API token from forging signed URLs and provides extra security by
3324
3324
making the overall signing key longer.
3325
3325
3326
3326
**WARNING**:
3327
-
*Since the signature-secret is sensitive, you should treat it like a password.*
3327
+
*Since the signing-secret is sensitive, you should treat it like a password.*
3328
3328
*See* :ref:`secure-password-storage` *to learn about ways to safeguard it.*
3329
3329
3330
3330
Can also be set via any `supported MicroProfile Config API source`_, e.g. the environment variable ``DATAVERSE_API_SIGNATURE_SECRET`` (although you shouldn't use environment variables for passwords) .
0 commit comments