Skip to content

Discourage the `turn-secret` option

The --turn-secret option of the onionmasq binary is not a good solution from a security point of view (i.e. attackers can extract the password from the system-wide process list).

I think this option should emit a warning when used, we should also add an option to read the secret from a file.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information