Add the ability to controll password-peppering for Synapse

Closes Github issue #5
This commit is contained in:
Slavi Pantaleev 2018-09-07 15:01:38 +03:00
parent 6d6a6412fa
commit b52d91e180
3 changed files with 10 additions and 2 deletions

View File

@ -1,6 +1,11 @@
# 2018-09-07 # 2018-09-07
## Statistics-reporting support ## Password-peppering support for Matrix Synapse
The playbook now supports enabling password-peppering for increased security in Matrix Synapse via the `matrix_synapse_password_config_pepper` playbook variable. Using a password pepper is disabled by default (just like it used to be before this playbook variable got introduced) and is not to be enabled/disabled after initial setup, as that would invalidate all existing passwords.
## Statistics-reporting support for Matrix Synapse
There's now a new `matrix_synapse_report_stats` playbook variable, which controls the `report_stats` configuration option for Matrix Synapse. It defaults to `false`, so no change is required to retain your privacy. There's now a new `matrix_synapse_report_stats` playbook variable, which controls the `report_stats` configuration option for Matrix Synapse. It defaults to `false`, so no change is required to retain your privacy.

View File

@ -68,6 +68,9 @@ matrix_synapse_rc_message_burst_count: 10.0
# (things like number of users, number of messages sent, uptime, load, etc.) # (things like number of users, number of messages sent, uptime, load, etc.)
matrix_synapse_report_stats: false matrix_synapse_report_stats: false
# Controls password-peppering for Matrix Synapse. Not to be changed after initial setup.
matrix_synapse_password_config_pepper: ""
# A list of additional "volumes" to mount in the container. # A list of additional "volumes" to mount in the container.
# This list gets populated dynamically based on Synapse extensions that have been enabled. # This list gets populated dynamically based on Synapse extensions that have been enabled.
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."} # Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}

View File

@ -538,7 +538,7 @@ password_config:
enabled: true enabled: true
# Uncomment and change to a secret random string for extra security. # Uncomment and change to a secret random string for extra security.
# DO NOT CHANGE THIS AFTER INITIAL SETUP! # DO NOT CHANGE THIS AFTER INITIAL SETUP!
#pepper: "" pepper: "{{ matrix_synapse_password_config_pepper }}"