From 1a7ffb4bff69aa32dc898c650215cba405031202 Mon Sep 17 00:00:00 2001
From: Andrew Godwin
Date: Thu, 15 Dec 2022 16:02:37 -0700
Subject: Add a big warning to secret_key now it's important

---
 docs/installation.rst | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docs/installation.rst b/docs/installation.rst
index 3fdda0d..003da03 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -74,6 +74,14 @@ be provided to the containers from the first boot.
 * ``TAKAHE_SECRET_KEY`` must be a fixed, random value (it's used for internal
   cryptography). Don't change this unless you want to invalidate all sessions.
 
+  .. warning::
+
+    You **must** keep the value of ``TAKAHE_SECRET_KEY`` unique and secret. Anyone
+    with this value can modify their session to impersonate any user, including
+    admins. It should be kept even more secure than your admin passwords, and
+    should be long, random and completely unguessable. We recommend that it is
+    at least 64 characters.
+
 * ``TAKAHE_MEDIA_BACKEND`` must be a URI starting with ``local://``, ``s3://``
   or ``gcs://``. See :ref:`media_configuration` below for more.
 
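Review bot: The new warning, after "impersonate any user, including admins", explains what a leaked key allows but not what an operator should do about it. The bullet just above only says not to change the key "unless you want to invalidate all sessions", which reads as discouraging rotation. I'd add a sentence saying that if the value is ever exposed it must be replaced straight away, and that doing so logs everyone out. Two smaller wording points in the same block: "unique" would be clearer as "unique to this installation, not copied from an example or shared between environments", and "at least 64 characters" would help more if it also said the value should come from a cryptographically secure random generator rather than being typed by hand, since length alone does not make it unguessable.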
-- 
cgit v1.2.3