From caf920237a1fc2f8d4bc706e69163bc5979817e1 Mon Sep 17 00:00:00 2001
From: Tobias <github@tobiasgabriel.de>
Date: Wed, 23 Jun 2021 17:11:45 +0200
Subject: [PATCH] docs: add encryption infos for self-hosting (#10557)

---
 docs/usage/private-modules.md           | 4 +++-
 docs/usage/self-hosted-configuration.md | 8 ++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/docs/usage/private-modules.md b/docs/usage/private-modules.md
index 29ee645095..87159f65ba 100644
--- a/docs/usage/private-modules.md
+++ b/docs/usage/private-modules.md
@@ -198,7 +198,7 @@ The WhiteSource Renovate App does not run using GitHub Actions, but such secrets
 
 ## Admin/Bot config vs User/Repository config for Self-hosted users
 
-"AdminBot config" refers to the config which the Renovate Bot administrator provides at bot startup, e.g. using environment variables, CLI parameters, or the `config.js` configuration file.
+"Admin/Bot config" refers to the config which the Renovate Bot administrator provides at bot startup, e.g. using environment variables, CLI parameters, or the `config.js` configuration file.
 User/Repository config refers to the in-repository config file which defaults to `renovate.json` but has a large number of alternative filenames supported.
 
 If there is a need to supply custom rules for certain repository, it can still be done using the `config.js` file and the `repositories` array.
@@ -212,6 +212,8 @@ For instructions on this, see the above section on encrypting secrets for the Wh
 - Use the resulting HTML encrypt page to encrypt secrets for your app before adding them to user/repository config
 - Configure the app to run with `privateKey` set to the private key you generated above
 
+Note: Encrypted values can't be used in the "Admin/Bot config".
+
 ### hostRules configuration using environment variables
 
 Self-hosted users can use environment variables to configure the most common types of `hostRules` for authentication.
diff --git a/docs/usage/self-hosted-configuration.md b/docs/usage/self-hosted-configuration.md
index c2e3b51875..9662206fef 100644
--- a/docs/usage/self-hosted-configuration.md
+++ b/docs/usage/self-hosted-configuration.md
@@ -330,6 +330,14 @@ To create the key pair with OpenSSL use the following commands:
 - `openssl genrsa -out rsa_priv.pem 4096` for generating the private key
 - `openssl rsa -pubout -in rsa_priv.pem -out rsa_pub.pem` for extracting the public key
 
+To encrypt a secret with OpenSSL use the following command:
+
+```bash
+echo 'actual-secret' | openssl rsautl -encrypt -pubin -inkey rsa_pub.pem | base64
+```
+
+Replace `actual-secret` with the secret to encrypt.
+
 ## privateKeyPath
 
 Used as an alternative to `privateKey`, if you wish for the key to be read from disk instead.
-- 
GitLab