A shared secret key is used by systems generating JSON data to encrypt and sign the JSON, and by the Guacamole server to verify and decrypt received data. This key must be 128 bits, specified with 32 hexadecimal digits.
The 128-bit secret key that will be used to encrypt and sign JSON sent to Guacamole for authentication, formatted as 32 hexadecimal digits. Received JSON will not be accepted unless it has been encrypted and signed using this key.
This key can be essentially anything as long as it is unpredictable. An easy way of generating such a key is to echo a passphrase through the "md5sum" utility. This is the technique OpenSSL itself uses to generate 128-bit keys from passphrases. For example:
$ echo -n "ThisIsATest" | md5sum
Source network restrictions
By default, received encrypted JSON will be accepted as long as it is valid and properly signed with the secret key. This can be further restricted to accept encrypted JSON only from machines which match a comma-separated list of trusted IP addresses and/or CIDR subnets.
A comma-separated list of IP addresses and/or CIDR subnets which should be allowed to authenticate using encrypted JSON. By default, encrypted JSON is accepted without restriction from any address or subnet.