starred/shiori
1
0
Fork 0
mirror of https://github.com/go-shiori/shiori.git synced 2026-04-25 06:25:54 +03:00
Code Issues 103 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #782] SHIORI_HTTP_SECRET_KEY #374

New issue
Closed
opened 2026-02-25 23:34:05 +03:00 by kerem · 5 comments
kerem commented 2026-02-25 23:34:05 +03:00
Owner
Copy link

Originally created by @LLKoder on GitHub (Nov 17, 2023).
Original GitHub issue: https://github.com/go-shiori/shiori/issues/782

Originally assigned to: @fmartingr on GitHub.

Data

  • Shiori version: last
  • Database Engine: sqlite
  • Operating system: ubuntu
  • CLI/Web interface/Web Extension: CLI

Describe the bug / actual behavior

When I run Shiori in docker I get some WARN error:

SHIORI_HTTP_SECRET_KEY is not set, using random value. This means that all sessions will be invalidated on server restart.

What do this error mean? How can I to fix it?

Originally created by @LLKoder on GitHub (Nov 17, 2023). Original GitHub issue: https://github.com/go-shiori/shiori/issues/782 Originally assigned to: @fmartingr on GitHub. ## Data - **Shiori version**: last - **Database Engine**: sqlite - **Operating system**: ubuntu - **CLI/Web interface/Web Extension**: CLI ## Describe the bug / actual behavior When I run Shiori in docker I get some WARN error: `SHIORI_HTTP_SECRET_KEY is not set, using random value. This means that all sessions will be invalidated on server restart.` What do this error mean? How can I to fix it?
kerem 2026-02-25 23:34:05 +03:00
kerem commented 2026-02-25 23:34:05 +03:00
Author
Owner
Copy link

@fmartingr commented on GitHub (Nov 17, 2023):

Hey @LLKoder, you need to set the SHIORI_HTTP_SECRET_KEY environment variable to something random to use as key for the session tokens. You can generate a pesudo-random string using openssl/pwgen or any number of tools online.

<!-- gh-comment-id:1815807396 --> @fmartingr commented on GitHub (Nov 17, 2023): Hey @LLKoder, you need to set the `SHIORI_HTTP_SECRET_KEY` environment variable to something random to use as key for the session tokens. You can generate a pesudo-random string using `openssl`/`pwgen` or any number of tools online.
kerem commented 2026-02-25 23:34:05 +03:00
Author
Owner
Copy link

@LLKoder commented on GitHub (Nov 17, 2023):

Hi, @fmartingr, do shiori need this key as unique every time when I start/restart service/system? Can you give a example please? I use shiori with docker.

Just I don't understand why this EVAR need users. If it don't use users why can shiori not generate it automatically?

<!-- gh-comment-id:1817243936 --> @LLKoder commented on GitHub (Nov 17, 2023): Hi, @fmartingr, do `shiori` need this key as unique every time when I start/restart service/system? Can you give a example please? I use `shiori` with docker. Just I don't understand why this EVAR need users. If it don't use users why can `shiori` not generate it automatically?
kerem commented 2026-02-25 23:34:05 +03:00
Author
Owner
Copy link

@fmartingr commented on GitHub (Nov 18, 2023):

Shiori generates one random every run, but for security purposes it must me set by the user. It is used to sign the sessions for the users (the authentication used to interact with the API).

How are you deploying shiori? docker compose/docker run? It something like this:

# Generate random string
$ openssl rand -hex 32
4c9598950d692a846977b5bc1dd31f3fed1afe1b3252cb8019e7aa914e2a1297

#  Run shiori
$ docker run --env SHIORI_HTTP_SECRET_KEY=4c9598950d692a846977b5bc1dd31f3fed1afe1b3252cb8019e7aa914e2a1297 ghcr.io/go-shiori/shiori:dev
<!-- gh-comment-id:1817420045 --> @fmartingr commented on GitHub (Nov 18, 2023): Shiori generates one random every run, but for security purposes it must me set by the user. It is used to sign the sessions for the users (the authentication used to interact with the API). How are you deploying shiori? docker compose/docker run? It something like this: ``` # Generate random string $ openssl rand -hex 32 4c9598950d692a846977b5bc1dd31f3fed1afe1b3252cb8019e7aa914e2a1297 # Run shiori $ docker run --env SHIORI_HTTP_SECRET_KEY=4c9598950d692a846977b5bc1dd31f3fed1afe1b3252cb8019e7aa914e2a1297 ghcr.io/go-shiori/shiori:dev ```
kerem commented 2026-02-25 23:34:05 +03:00
Author
Owner
Copy link

@LLKoder commented on GitHub (Nov 20, 2023):

@fmartingr, maybe don't need to close? This issue was remove from your tags either.

<!-- gh-comment-id:1818160015 --> @LLKoder commented on GitHub (Nov 20, 2023): @fmartingr, maybe don't need to close? This issue was remove from your tags either.
kerem commented 2026-02-25 23:34:05 +03:00
Author
Owner
Copy link

@fmartingr commented on GitHub (Nov 20, 2023):

Yeah leave it open for now so I use this as a reminder to properly update the docs 👍

<!-- gh-comment-id:1818997016 --> @fmartingr commented on GitHub (Nov 20, 2023): Yeah leave it open for now so I use this as a reminder to properly update the docs 👍
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
dependabot/go_modules/all-ad9dc7761f
dependabot/github_actions/all-7ab03d418b
dependabot/go_modules/golang.org/x/crypto-0.45.0
dependabot/go_modules/github.com/docker/docker-28.3.3incompatible
feat/bookmarks-api-v1
dependabot/npm_and_yarn/webapp/npm_and_yarn-7372c7abf2
deps/update202509
feat/pdf-archiver
feat/apiv1/tags
release/v1.7
fix/thumbnail-cache
gh-pages
fix/openbsd-test-speed
release/v1.6.1
release/v1.6.0
fmartingr/windows-tests
afero-removal
ci/windows-macos
feat/cookie-auth
webroot-support-new-server
fix/secret-key-makefile
frontend-jwt-auth
fmartingr/issue663
fix/remove-tag-package-name
fmartingr/issue455
fix/delete-pr-tags
feat/cross-api-authentication
feat/api-v1-to-master
release/v1.5.5
feat/api-next
release/v1.5.5-rc.2
deps/go-1.20
fix/bookmark-update
draft/gorm
v1.8.0
v1.8.0-rc.1
v1.7.4
v1.7.3
v1.7.2
v1.7.2-rc.1
v1.7.1
v1.7.0
v1.7.0-rc.3
v1.7.0-rc.2
v1.7.0-rc.1
v1.6.3
v1.6.2
v1.6.1
v1.6.0
v1.6.0-rc.7
v1.6.0-rc.6
v1.6.0-rc.5
v1.6.0-rc.4
v1.6.0-rc.3
v1.6.0-rc.2
v1.6.0-rc.1
v1.5.5
v1.5.5-rc.2
v1.5.5-rc.1
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.0
v0.9
Labels
Clear labels   
component:backend

   
component:builds

   
component:builds

   
component:extension

   
component:frontend

   
component:readability

   
database

   
database:mysql

   
database:postgres

   
database:sqlite

   
feature:ebooks

   
github_actions

   
good first issue

   
hacktoberfest

   
note:duplicate?

   
note:fixed?

   
note:out-of-scope?

   
os:windows

   
priority:high

   
priority:low

   
pull-request

Mirrored from GitHub Pull Request

  
resolution:as-intended

   
resolution:cant-reproduce

   
resolution:duplicate

   
resolution:fixed

   
resolution:wontfix

   
tag:TBD

   
tag:big-task

   
tag:help-wanted

   
tag:huge-data

   
tag:meta

   
tag:more-info

   
tag:next

   
tag:no-stale

   
tag:requires-migrations

   
tag:research

   
tag:security 🛡️

   
tag:stale

   
tag:waiting-for-assignee

   
type:bug

   
type:documentation

   
type:enhancement

   
type:meta

   
type:ux

   
user:cli

   
user:web
No labels
component:backend
component:builds
component:builds
component:extension
component:frontend
component:readability
database
database:mysql
database:postgres
database:sqlite
feature:ebooks
github_actions
good first issue
hacktoberfest
note:duplicate?
note:fixed?
note:out-of-scope?
os:windows
priority:high
priority:low
pull-request
resolution:as-intended
resolution:cant-reproduce
resolution:duplicate
resolution:fixed
resolution:wontfix
tag:TBD
tag:big-task
tag:help-wanted
tag:huge-data
tag:meta
tag:more-info
tag:next
tag:no-stale
tag:requires-migrations
tag:research
tag:security 🛡️
tag:stale
tag:waiting-for-assignee
type:bug
type:documentation
type:enhancement
type:meta
type:ux
user:cli
user:web
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/shiori#374
No description provided.