From c360da0f8b642d28601a06f2b5c3e072a5dbfca7 Mon Sep 17 00:00:00 2001
From: V02460 <git@kaialexhiller.de>
Date: Wed, 26 Feb 2025 16:55:10 +0100
Subject: Add worker_replication_secret_path config option (#18191)

Workers now get their secrets from files, too! There are not many config
options left to pathify :) Includes documentation and unit tests.

### Pull Request Checklist

<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->

* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
  - Use markdown where necessary, mostly for `code blocks`.
  - End with either a period (.) or an exclamation mark (!).
  - Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))

---------

Co-authored-by: Devon Hudson <devon.dmytro@gmail.com>
---
 docs/usage/configuration/config_documentation.md | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

(limited to 'docs/usage/configuration/config_documentation.md')

diff --git a/docs/usage/configuration/config_documentation.md b/docs/usage/configuration/config_documentation.md
index f5a5aa2eb4..ffee089304 100644
--- a/docs/usage/configuration/config_documentation.md
+++ b/docs/usage/configuration/config_documentation.md
@@ -3252,7 +3252,7 @@ Example configuration:
 form_secret_path: /path/to/secrets/file
 ```
 
-_Added in Synapse 1.125.0._
+_Added in Synapse 1.126.0._
 
 ---
 ## Signing Keys
@@ -4527,6 +4527,22 @@ Example configuration:
 ```yaml
 worker_replication_secret: "secret_secret"
 ```
+---
+### `worker_replication_secret_path`
+
+An alternative to [`worker_replication_secret`](#worker_replication_secret):
+allows the secret to be specified in an external file.
+
+The file should be a plain text file, containing only the secret.
+Synapse reads the secret from the given file once at startup.
+
+Example configuration:
+```yaml
+worker_replication_secret_path: /path/to/secrets/file
+```
+
+_Added in Synapse 1.126.0._
+
 ---
 ### `start_pushers`
 
-- 
cgit 1.5.1