@@ -197,7 +197,7 @@ If you are using the main npmjs registry then you can configure just the `npmTok
If you don't want all users of the repository to see the unencrypted token, you can encrypt it with Renovate's public key instead, so that only Renovate can decrypt it.
Go to <https://renovatebot.com/encrypt>, paste in your npm token, click "Encrypt", then copy the encrypted result.
Go to <https://app.renovatebot.com/encrypt>, paste in your npm token, click "Encrypt", then copy the encrypted result.
Paste the encrypted result inside an `encrypted` object like this:
...
...
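Review bot: The sentence just above the changed URL ("you can encrypt it with Renovate's public key instead, so that only Renovate can decrypt it") does not say that this applies to the hosted app, and the new `app.renovatebot.com` hostname makes that omission more noticeable. The Composer doc touched in this same patch opens the equivalent paragraph with "If you are using the hosted WhiteSource Renovate App"; suggest adding the same qualifier here, so that a self-hosted user does not paste an npm token into a page that encrypts for a key pair other than their own.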
@@ -229,7 +229,7 @@ Renovate will then use the following logic:
#### Encrypted entire .npmrc file into config
Copy the entire `.npmrc`, replace newlines with `\n` characters , and then try encrypting it at <https://renovatebot.com/encrypt>.
Copy the entire `.npmrc`, replace newlines with `\n` characters , and then try encrypting it at <https://app.renovatebot.com/encrypt>.
You will then get an encrypted string that you can substitute into your `renovate.json` instead.
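Review bot: The rewritten line carries over the stray space before the comma in "`\n` characters ," and the hedged "then try encrypting it", which reads as if the step may fail. Since the line is being changed anyway, suggest "replace newlines with `\n` characters, and then encrypt it at <https://app.renovatebot.com/encrypt>."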
@@ -44,7 +44,7 @@ If you are using a [privately hosted Composer package](https://getcomposer.org/d
This host rule is best added to the bot's `config.js` config so that it is not visible to users of the repository.
If you are using the hosted WhiteSource Renovate App then you can encrypt it with Renovate's public key instead, so that only Renovate can decrypt it.
Go to [https://renovatebot.com/encrypt](https://renovatebot.com/encrypt), paste in the secret string you wish to encrypt, click _Encrypt_, then copy the encrypted result.
Go to [https://app.renovatebot.com/encrypt](https://app.renovatebot.com/encrypt), paste in the secret string you wish to encrypt, click _Encrypt_, then copy the encrypted result.
You may encrypt your `password` only, but you can encrypt your `username` as well.
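Review bot: The changed line writes the link as `[https://app.renovatebot.com/encrypt](https://app.renovatebot.com/encrypt)`, repeating the URL as both text and target, while the other docs in this patch use the autolink form `<https://app.renovatebot.com/encrypt>`. Suggest switching to the autolink form here so the next URL change only has to edit one place on the line and cannot leave the visible text and the target out of sync.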
@@ -331,7 +331,7 @@ e.g. run `renovate foo/bar --print-config > config.log` and the fully-resolved c
This private key is used to decrypt config files.
The corresponding public key can be used to create encrypted values for config files.
If you want a simple UI to encrypt values you can put the public key in a HTML page similar to <https://renovatebot.com/encrypt>.
If you want a simple UI to encrypt values you can put the public key in a HTML page similar to <https://app.renovatebot.com/encrypt>.
To create the key pair with GPG use the following commands:
...
...
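Review bot: In the self-hosted section, "a HTML page similar to <https://app.renovatebot.com/encrypt>" now points administrators at the hosted app's own page without saying that it is only a layout reference. The preceding lines state that the private key decrypts config and the corresponding public key creates encrypted values, so suggest adding a sentence that values produced on the hosted page will not decrypt with a self-hosted private key. Minor: "a HTML" should be "an HTML" while the line is being edited.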
@@ -392,7 +392,7 @@ sub rsa4096 2021-09-10 [E]
- Run `gpg --armor --export YOUR_NEW_KEY_ID > renovate-public-key.asc` to generate an armored (text-based) public key file
The private key should then be added to your Renovate Bot global config (either using `privateKeyPath` or exporting it to the `RENOVATE_PRIVATE_KEY` environment variable).
The public key can be used to replace the existing key in <https://renovatebot.com/encrypt> for your own use.
The public key can be used to replace the existing key in <https://app.renovatebot.com/encrypt> for your own use.
Any encrypted secrets using GPG must have a mandatory organization/group scope, and optionally can be scoped for a single repository only.
The reason for this is to avoid "replay" attacks where someone could learn your encrypted secret and then reuse it in their own Renovate repositories.
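Review bot: The changed line says the public key "can be used to replace the existing key in <https://app.renovatebot.com/encrypt> for your own use", which reads as if the reader edits the hosted page itself. Suggest rewording to something like "in your own copy of the page at ..." so it is clear the key is swapped in a self-hosted copy. It would also help to state here whether that page lets the user set the organization/group scope that the next line calls mandatory for GPG-encrypted secrets.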