Shared secret authentication

Typically used by hosting providers, shared secret authentication can be optionally enabled to make requests as a media repo administrator without needing an account on any of the configured homeservers. Some requests do still require an administrator on a configured homeserver, however most of the Admin API can be used by shared secret users.

The full configuration for shared secret authentication (disabled by default) is:

sharedSecretAuth:
  enabled: false
  token: "PutSomeRandomSecureValueHere"

It is strongly recommended to use a secure random value for token to prevent unauthorized access to the media repo.

matrix-media-repo

Shared secret authentication