fix: no hardcoded secrets

homeserver.yaml.tmpl

@@ -1210,7 +1210,7 @@ turn_allow_guests: {{ env "TURN_ALLOW_GUESTS" }}
 # If set, allows registration of standard or admin accounts by anyone who
 # has the shared secret, even if registration is otherwise disabled.
 #
-registration_shared_secret: "G:4AX-+1LBJehgt6=gi^+^T73~zhmJfW4iNP2f#3wZY8icB.;w"
+registration_shared_secret: "{{ secret "registration_shared_secret" }}"
 
 # Set the number of bcrypt rounds used to generate password hash.
 # Larger numbers increase the work factor needed to generate the hash.
@@ -1444,13 +1444,13 @@ room_prejoin_state:
 # the registration_shared_secret is used, if one is given; otherwise,
 # a secret key is derived from the signing key.
 #
-macaroon_secret_key: "KyMrrJ:uvm4_89*CEYh;o*.WeWZJ^p0p*:w*G7^*,EC.EEin8@"
+macaroon_secret_key: "{{ secret "macaroon_secret_key" }}"
 
 # a secret which is used to calculate HMACs for form values, to stop
 # falsification of values. Must be specified for the User Consent
 # forms to work.
 #
-form_secret: "I@#lMS0V3@HRB~b0nvA&Di29uK^l5K@Sm=Ima+:.CKlldwP6&s"
+form_secret: "{{ secret "form_secret" }}"
 
 ## Signing Keys ##