From ab09364a9839910187cf014d5ef30e1c3bea92a4 Mon Sep 17 00:00:00 2001
From: Eric Callahan <arksine.code@gmail.com>
Date: Sat, 26 Feb 2022 08:27:11 -0500
Subject: [PATCH] docs: provide additional context for the secrets module

Advise users to use unique credentials, and warn them that unattended
clients can be configured to steal credentials.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
---
 docs/configuration.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/docs/configuration.md b/docs/configuration.md
index 72f6e84..5f0738c 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -1638,6 +1638,15 @@ password: {secrets.mqtt_credentials.password}
 enable_moonraker_api: True
 ```
 
+!!! warning
+    The purpose of the `[secrets]` module is to keep credentials and
+    other sensitive information out of configuration files and Moonraker's
+    log.  These items are stored in plain text, it is wise to use
+    unique credentials. Never leave a Moonraker client application open
+    unattended in an untrusted location, as it would be possible for a
+    malicious actor to reconfigure moonraker to send items stored in the
+    secrets file to themselves via `mqtt`, `notifer`, etc.
+
 Home Assistant Switch Example:
 
 ```ini