From 82282419fe43ec60342143d708522d9eee0989a5 Mon Sep 17 00:00:00 2001
From: binwiederhier <phil@heckel.io>
Date: Thu, 31 Jul 2025 10:34:02 +0200
Subject: [PATCH] Self-review

---
 cmd/user.go       | 2 +-
 docs/releases.md  | 2 +-
 server/server.yml | 7 +++++--
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/cmd/user.go b/cmd/user.go
index 84d8df15..ef29cb8e 100644
--- a/cmd/user.go
+++ b/cmd/user.go
@@ -143,7 +143,7 @@ Example:
 			Description: `Asks for a password and creates a bcrypt password hash.
 
 This command is useful to create a password hash for a user, which can then be used
-for predefined users in the server config file, in auth-provision-users.
+for predefined users in the server config file, in auth-users.
 
 Example:
   $ ntfy user hash
diff --git a/docs/releases.md b/docs/releases.md
index 4f79f544..7e383dce 100644
--- a/docs/releases.md
+++ b/docs/releases.md
@@ -1456,7 +1456,7 @@ and the [ntfy Android app](https://github.com/binwiederhier/ntfy-android/release
 
 **Features:**
 
-* [Declarative users and ACL entries](config.md#users-and-roles) ([#464](https://github.com/binwiederhier/ntfy/issues/464), [#1384](https://github.com/binwiederhier/ntfy/pull/1384), thanks to [pinpox](https://github.com/pinpox) for reporting, to [@wunter8](https://github.com/wunter8) for reviewing)
+* [Declarative users](config.md#users-via-the-config), [declarative ACL entries](config.md#acl-entries-via-the-config) and [declarative tokens](config.md#tokens-via-the-config) ([#464](https://github.com/binwiederhier/ntfy/issues/464), [#1384](https://github.com/binwiederhier/ntfy/pull/1384), thanks to [pinpox](https://github.com/pinpox) for reporting, to [@wunter8](https://github.com/wunter8) for reviewing)
 * [Pre-defined templates](publish.md#pre-defined-templates) and [custom templates](publish.md#custom-templates) for enhanced JSON webhook support ([#1390](https://github.com/binwiederhier/ntfy/pull/1390))
 * Support of advanced [template functions](publish.md#template-functions) based on the [Sprig](https://github.com/Masterminds/sprig) library ([#1121](https://github.com/binwiederhier/ntfy/issues/1121), thanks to [@davidatkinsondoyle](https://github.com/davidatkinsondoyle) for reporting, to [@wunter8](https://github.com/wunter8) for implementing, and to the Sprig team for their work)
 
diff --git a/server/server.yml b/server/server.yml
index 2a623bc4..9b3a008b 100644
--- a/server/server.yml
+++ b/server/server.yml
@@ -84,10 +84,12 @@
 #   WAL mode. This is similar to cache-startup-queries. See above for details.
 # - auth-users is a list of users that are automatically created when the server starts.
 #   Each entry is in the format "<username>:<password-hash>:<role>", e.g. "phil:$2a$10$YLiO8U21sX1uhZamTLJXHuxgVC0Z/GKISibrKCLohPgtG7yIxSk4C:user"
+#   Use 'ntfy user hash' to generate the password hash from a password.
 # - auth-access is a list of access control entries that are automatically created when the server starts.
 #   Each entry is in the format "<username>:<topic-pattern>:<access>", e.g. "phil:mytopic:rw" or "phil:phil-*:rw".
 # - auth-tokens is a list of access tokens that are automatically created when the server starts.
 #   Each entry is in the format "<username>:<token>[:<label>]", e.g. "phil:tk_1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef:My token".
+#   Use 'ntfy token generate' to generate a new access token.
 #
 # Debian/RPM package users:
 #   Use /var/lib/ntfy/user.db as user database to avoid permission issues. The package
@@ -100,8 +102,9 @@
 # auth-file: <filename>
 # auth-default-access: "read-write"
 # auth-startup-queries:
-# auth-provision-users:
-# auth-provision-access:
+# auth-users:
+# auth-access:
+# auth-tokens:
 
 # If set, the X-Forwarded-For header (or whatever is configured in proxy-forwarded-header) is used to determine
 # the visitor IP address instead of the remote address of the connection.