credentials:
  database_password:
    description: "Password for the Mastodon PostgreSQL database user"
    algorithm: "bcrypt"
    validation: "^\\$2[aby]\\$.{56}$"

  secret_key_base:
    description: "Main secret key used to verify the integrity of signed cookies and tokens"
    algorithm: "sha256"
    validation: "^[a-f0-9]{64}$"

  otp_secret:
    description: "OTP secret used for two-factor authentication"
    algorithm: "sha256"
    validation: "^[a-f0-9]{64}$"

  vapid_private_key:
    description: "Private VAPID key used for web push notifications"
    algorithm: "plain"
    validation: "^[-_a-zA-Z0-9]{30,}$"

  vapid_public_key:
    description: "Public VAPID key used for web push notifications"
    algorithm: "plain"
    validation: "^[-_a-zA-Z0-9]{30,}$"

  active_record_encryption_deterministic_key:
    description: "Deterministic encryption key for Active Record encryption"
    algorithm: "sha256"
    validation: "^[a-f0-9]{64}$"

  active_record_encryption_key_derivation_salt:
    description: "Key derivation salt for Active Record encryption"
    algorithm: "sha256"
    validation: "^[a-f0-9]{64}$"

  active_record_encryption_primary_key:
    description: "Primary encryption key for Active Record encrypted columns"
    algorithm: "sha256"
    validation: "^[a-f0-9]{64}$"