From a402ca80d72a0cb4e37602095e8d2ec3a62c6760 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Tue, 20 Jul 2021 09:19:24 -0400
Subject: [PATCH] write some more words about secrets

---
 morph/grid/local/private-keys/README.rst | 41 ++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 morph/grid/local/private-keys/README.rst

diff --git a/morph/grid/local/private-keys/README.rst b/morph/grid/local/private-keys/README.rst
new file mode 100644
index 00000000..c243fd8e
--- /dev/null
+++ b/morph/grid/local/private-keys/README.rst
@@ -0,0 +1,41 @@
+Deployment Secrets
+==================
+
+Deploying PrivateStorageio requires certain secrets.
+For the localdev grid these secrets are kept in this (public) directory.
+This is intended to help make it as easy as possible to launch a local deployment.
+It also serves as an example of what secrets are required for any other deployment.
+
+You can find more information about some of these secrets in ``ops/generating-keys.rst``.
+
+deploy_key
+----------
+
+This is an SSH private key which will be authorized to trigger a deployment update on the deployment hosts themselves.
+
+grafana-admin.password
+----------------------
+
+This is the initial admin password for the Grafana web admin on the monitoring host.
+
+stripe.secret
+-------------
+
+This is the Stripe secret key which the payment server uses to finalize payment processing using Stripe.
+
+ristretto.signing-key
+---------------------
+
+This is the Ristretto-group private key used by the ZKAP issuer.
+
+monitoringvpn
+-------------
+
+This directory holds Wireguard keys for each of the hosts so they can participate in the deployment VPN.
+
+payments-localdev-ssl
+---------------------
+
+This secret is *only* present for the localdev grid.
+This contains a TLS certificate and private key for the payment server.
+Other deployments will automatically generate a key and obtain a certificate from Let's Encrypt.
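Review bot: The introduction ("For the localdev grid these secrets are kept in this (public) directory.") never says that the values committed here are publicly known and must not be reused outside localdev. Since the following lines offer the directory as an example for any other deployment, add a sentence stating that every other grid has to generate its own values and keep them out of the repository. The stripe.secret section should also say whether the committed key is expected to be a Stripe test-mode key. The pointer to ``ops/generating-keys.rst`` covers only "some of these secrets" without naming which, so a reader cannot tell which entries (deploy_key, grafana-admin.password, the monitoringvpn Wireguard keys) lack generation instructions; list them or link each section to its procedure.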
-- 
GitLab