Clarify secret requirements (azimuth-cloud#152)

* Clarify secret requirements

For some secrets there are specific requirements.
Let's include some notes in the passwords.yml

* Clarify secret requirements in docs

Author: tomclark0

docs/configuration/08-zenith.md

@@ -17,7 +17,7 @@ zenith_registrar_subdomain_token_signing_key: "<some secret key>"
 
 !!! tip
 
-    This key should be a long, random string - at least 32 bytes (256 bits) is recommended.
+    This key must be a long, random string - at least 32 bytes (256 bits) is required.
     A suitable key can be generated using `openssl rand -hex 32`.
 
 !!! danger

environments/example/inventory/group_vars/all/secrets.yml

@@ -4,6 +4,9 @@
 # It should be encrypted if stored in version control
 # https://stackhpc.github.io/azimuth-config/repository/secrets/
 #####
+# Unless explicitly mentioned otherwise, a long, random string - at least 32 bytes (256 bits) is recommended.
+# A suitable key can be generated using the following command.
+# openssl rand -hex 32
 
 # https://stackhpc.github.io/azimuth-config/configuration/05-secret-key/
 # The secret key for signing Azimuth cookies
@@ -15,12 +18,14 @@ keycloak_admin_password: "<secure password>"
 
 # https://stackhpc.github.io/azimuth-config/configuration/08-zenith/
 # The secret key for signing Zenith registrar tokens
+# This MUST be a minimum of 32 characters
 zenith_registrar_subdomain_token_signing_key: "<secure secret key>"
 
 # https://stackhpc.github.io/azimuth-config/configuration/10-kubernetes-clusters/#harbor-registry
 # The password for the Harbor admin account
 harbor_admin_password: "<secure password>"
 # The secret key for Harbor
+# This MUST be exactly 16 alphanumeric characters
 harbor_secret_key: "<secure secret key>"
 
 # https://stackhpc.github.io/azimuth-config/configuration/14-monitoring/#accessing-web-interfaces