Add a common warning message about not to share an access token

Based on docs/obtaining-access-tokens.md Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-12-23 11:01:30 +09:00
parent fb05eace5a
commit 7911cdb232
11 changed files with 19 additions and 3 deletions
--- a/docs/maintenance-synapse.md
+++ b/docs/maintenance-synapse.md
@ -18,6 +18,8 @@ You can use the **[Purge History API](https://github.com/element-hq/synapse/blob

 To make use of this Synapse Admin API, **you'll need an admin access token** first. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).

+⚠️ **Warning**: Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone.
+
 Synapse's Admin API is not exposed to the internet by default, following [official Synapse reverse-proxying recommendations](https://github.com/element-hq/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints). To expose it you will need to add `matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: true` to your `vars.yml` file.

 Follow the [Purge History API](https://github.com/element-hq/synapse/blob/master/docs/admin_api/purge_history_api.md) documentation page for the actual purging instructions.