Fix: include security note for JWT and password in history (#2227)

mjang · ADubhlaoich · pre-commit-ci[bot] · web-flow · commit 5ffb84b4c0a5 · 2024-07-12T07:42:32.000-07:00
* Fix: include security note for JWT and password in history * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Co-authored-by: Alan Dooley <a.dooley@f5.com> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
diff --git a/site/content/includes/installation/jwt-password-note.md b/site/content/includes/installation/jwt-password-note.md
@@ -0,0 +1,11 @@
+---
+docs:
+---
+
+{{< note >}} For security, follow these practices with JSON Web Tokens (JWTs), passwords, and shell history:
+
+1. **JWTs:** JWTs are sensitive information. Store them securely. Delete them after use to prevent unauthorized access.
+
+1. **Shell history:** Commands that include JWTs or passwords are recorded in the history of your shell, in plain text. Clear your shell history after running such commands. For example, if you use bash, you can delete commands in your `~/.bash_history` file. Alternatively, you can run the `history -c` command to erase your shell history.
+
+Follow these practices to help ensure the security of your system and data. {{< /note >}}
diff --git a/site/content/installation/ngf-images/jwt-token-docker-secret.md b/site/content/installation/ngf-images/jwt-token-docker-secret.md
@@ -40,6 +40,7 @@ You will need the following items from [MyF5](https://my.f5.com) for these instr
     kubectl get secret nginx-plus-registry-secret --output=yaml
     ```
 
+{{< include "installation/jwt-password-note.md" >}}
 
 ## Install NGINX Gateway Fabric
 
