Secrets like SECRET_KEY_BASE and BASIC_AUTH_PASSWORD should be passed to the service without adding them to the world-readable Nix store.Note that either this file needs to be available on the host on which <code>pinchflat</code> is running, or the option <code>selfhosted</code> must be <code>true</code>. Further, SECRET_KEY_BASE has a minimum length requirement of 64 bytes. One way to generate such a secret is to use <code>openssl rand -hex 64</code>.As an example, the contents of the file might look like this:<pre><code>SECRET_KEY_BASE=...copy-paste a secret token here...
BASIC_AUTH_USERNAME=...basic auth username...
BASIC_AUTH_PASSWORD=...basic auth password...
</code></pre>

services.pinchflat.secretsFile

Secrets like SECRET_KEY_BASE and BASIC_AUTH_PASSWORD should be passed to the service without addin…