Hi,

There are a few things I noticed relating to the docs that could be clarified:

1. The docs 
(https://syncope.apache.org/docs/2.1/getting-started.html#moving-forward)
state that the "secretKey" value is only needed if
adminPasswordAlgorithm or password.cipher.algorithm is "AES", implying
that it could be left blank if you are not using AES. However, I see
CipherAlgorithm.AES in the source code in several places (e.g.
./core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java),
which implies that secretKey should always be required. Which is
correct?

2. I think we need to give clearer guidance about how to change
secretKey. How should a user generate a random 256-bit AES key, and
then encode it for this parameter? (e.g. possibly using openssl
-rand).

3. Both docs give minimal information on what "anonymousKey" is used
for. What is it used for and how should a user generate a new value
for it?

Colm.
