docs(self-hosted): describe purpose and usage of privateKey option

[fgreinacher]

Closes renovatebot/config-help#598

[JamieMagee]

@fgreinacher I updated your title to a semantic commit format.

Also, It seems like current recommendations suggest key sizes of 2048-bit or above. From Wikipedia:

RSA claimed that 1024-bit keys were likely to become crackable some time between 2006 and 2010 and that 2048-bit keys are sufficient until 2030. NIST recommends 2048-bit keys for RSA. An RSA key length of 3072 bits should be used if security is required beyond 2030.

[fgreinacher]

@fgreinacher I updated your title to a semantic commit format.

Thanks!

Also, It seems like current recommendations suggest key sizes of 2048-bit or above. From Wikipedia:

RSA claimed that 1024-bit keys were likely to become crackable some time between 2006 and 2010 and that 2048-bit keys are sufficient until 2030. NIST recommends 2048-bit keys for RSA. An RSA key length of 3072 bits should be used if security is required beyond 2030.

Yeah, we used a 4096-bit key in our instance, so I document it like that :)

[JamieMagee]

Might also be worth including the command to encrypt secrets from the CLI. I think it is

echo 'MY_SECRET' | openssl rsautl -encrypt -pubin -inkey rsa_pub.pem | base64

Though I haven't tested.

I think we can also update the https://renovatebot.com/encrypt page to accept other public keys.

[viceice]

What about adding a new page for encryption to the docs? so we have a single page with extended docu for creating keypairs and encrypting values.

[rarkins]

OK, but let's not let perfect be the enemy of good. I'm going to accept this PR for now and we can add a new page later dedicated to encryption (privateKey and gitPrivateKey I think?). I think I need to rename the latter variable anyway.

[renovate-release]

🎉 This PR is included in version 19.203.4 🎉

The release is available on:

• GitHub release
• 19.203.4

Your semantic-release bot 📦🚀