From 120962b6154820b611f2e8ee123dd21fe2a9df5c Mon Sep 17 00:00:00 2001 From: Benjamin Wohlwend Date: Tue, 21 Jun 2022 09:03:35 +0200 Subject: [PATCH] provide better snippet for secret token generation While the previous snippet wasn't necessarily bad, it used uuid4 for something it isn't intended to. Python 3 provides a cryptographically secure token generator, so let's tell our users to use that instead. --- docs/configuration.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuration.asciidoc b/docs/configuration.asciidoc index d33789207..1d28a0374 100644 --- a/docs/configuration.asciidoc +++ b/docs/configuration.asciidoc @@ -341,7 +341,7 @@ An example to generate a secure secret token is: [source,bash] ---- -python -c "import uuid; print(str(uuid.uuid4()))" +python -c "import secrets; print(secrets.token_urlsafe(32))" ---- WARNING: Secret tokens only provide any security if your APM Server uses TLS.