Don't conflate oauth client secrets with zcap key seeds
aljones15 opened this issue · comments
Andrew Jones commented
Zcap key seeds should use their own naming convention and not re-use the CLIENT_SECRET_VENDOR_NAME
pattern.
Also please make sure env variables are marked so no one accidentally commits oauth or zcap secrets to this repo.
Add a section to the README that explains how to set organization wide CLIENT_SECRETS
Andrew Jones commented
I believe we want to use the format KEY_SEED_VENDOR
for the zcap key seed material.
Andrew Jones commented
closing as this has been addressed.