This documentation site is about the unstable (upcoming) Comentario version.

Switch to the stable version »


Secrets configuration

Comentario stores its sensitive data in a YAML file called secrets. The secrets file is a part of static backend configuration.

The main reason for choosing this approach was that a separate secrets file can easily be deployed and connected to Comentario running in a Docker container or Kubernetes cluster.

The file is a regular YAML file; it doesn’t necessarily need to be named secrets.yaml, but it’s the default name unless configured otherwise.

Secrets file reference

There’s a sample secrets.yaml file in Comentario git repository, which you can (and should) use as a starting point for your production configuration.

Below is a summary of the values in the secrets file.

KeyTypeRequiredDescriptionDefault value
postgres.hoststringHostname or IP address of PostgreSQL DB
postgres.portintegerPort number of PostgreSQL DB5432
postgres.databasestringName of the PostgreSQL database
postgres.usernamestringUsername to connect to PostgreSQL DB
postgres.passwordstringPassword to connect to PostgreSQL DB
postgres.sslmodestringSSL mode when connecting to Postgres DBdisable
smtpServer.hoststringHostname or IP address of SMTP server
smtpServer.portintegerPort number of SMTP server
smtpServer.usernamestringUsername to connect to SMTP server
smtpServer.passwordstringPassword to connect to SMTP server
smtpServer.encryptionstringEncryption used for sending mails: none, ssl, tlsDerived from port
smtpServer.insecurebooleanWhether to skip server’s SSL certificate verificationfalse
idp.facebook.disablebooleanWhether to forcefully disable Facebook authentication
idp.facebook.keystringClient ID for Facebook authentication
idp.facebook.secretstringClient secret for Facebook authentication
idp.github.disablebooleanWhether to forcefully disable GitHub authentication
idp.github.keystringClient ID for GitHub authentication
idp.github.secretstringClient secret for GitHub authentication
idp.gitlab.disablebooleanWhether to forcefully disable GitLab authentication
idp.gitlab.keystringClient ID for GitLab authentication
idp.gitlab.secretstringClient secret for GitLab authentication to forcefully disable Google authentication ID for Google authentication secret for Google authentication
idp.twitter.disablebooleanWhether to forcefully disable Twitter authentication
idp.twitter.keystringClient ID for Twitter authentication
idp.twitter.secretstringClient secret for Twitter authentication
extensions.akismet.disablebooleanWhether to globally disable Akismet API
extensions.akismet.keystringAkismet API key
extensions.perspective.disablebooleanWhether to globally disable Perspective API
extensions.perspective.keystringPerspective API key
extensions.apiLayerSpamChecker.disablebooleanWhether to globally disable APILayer SpamChecker API
extensions.apiLayerSpamChecker.keystringAPILayer SpamChecker API key

As you can see above, only the database configuration is mandatory, and the rest is optional: