From c737bed42f73f3ee1be576f5f739d4fc3d713f40 Mon Sep 17 00:00:00 2001
From: MaxHearnden <MaxHearnden@users.noreply.github.com>
Date: Wed, 19 Oct 2022 16:24:01 +0100
Subject: [PATCH] Fix insecure advice in the manual

Bring the manual in line with the configuration documentation
---
 doc/manual/src/projects.md | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/doc/manual/src/projects.md b/doc/manual/src/projects.md
index 95174f1b..a399406d 100644
--- a/doc/manual/src/projects.md
+++ b/doc/manual/src/projects.md
@@ -378,13 +378,18 @@ This section describes how it can be implemented for `gitea`, but the approach f
 analogous:
 
 * [Obtain an API token for your user](https://docs.gitea.io/en-us/api-usage/#authentication)
-* Add it to your `hydra.conf` like this:
+* Add it to a file which only users in the hydra group can read like this: see [including files](configuration.md#including-files) for more information
+  ```
+  <gitea_authorization>
+    your_username=your_token
+  </gitea_authorization>
+  ```
+
+* Include the file in your `hydra.conf` like this:
   ``` nix
   {
     services.hydra-dev.extraConfig = ''
-      <gitea_authorization>
-      your_username=your_token
-      </gitea_authorization>
+      Include /path/to/secret/file
     '';
   }
   ```