Auto-unlock wallet from password file #5256
Will there be a default file that lnd will look for on startup?
No, this is purely opt-in. If the flag/config option isn't specified lnd will fall back to its existing behavior (wallet creation and unlock through RPC).
Nice feature! :)
LGTM 🎉
On board with the idea at a high-level, I think the only thing missing here is some added documentation to demonstrate how the file would be created in practice, and walk a user through the process when creating a node for the very first time. However maybe this is more of a thing for docs.lightning.engineering?
LGTM 🎄
lnd.go
@@ -324,6 +327,14 @@ func Main(cfg *Config, lisCfg ListenerCfg, interceptor signal.Interceptor) error | |||
return err | |||
} | |||
|
|||
// If we're started in auto unlock mode, then a wallet _must_ already | |||
// exist because we never want to enable the RPC unlocker in that case. | |||
if cfg.WalletUnlockPasswordFile != "" && !walletExists { |
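Review bot: the guard `if cfg.WalletUnlockPasswordFile != "" && !walletExists {` only tests that the option is non-empty, and nothing in the lines shown checks that the path exists or is readable. Consider validating the file before this wallet-existence check, and make sure the error returned from this branch names the option and says the wallet must be created first, so an operator who sets the option on a fresh node gets an actionable message instead of a generic startup failure.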
So with this users will need to do the normal RPC init once, write that output to a file (in the expected format), then restart again and set the password unlock file?
Yes, for now. With #5150 the wallet DB could be created outside of lnd prior to it being started (using lndinit). I described the process in a new doc. We can extend that doc if we decide to implement lndinit.
As a preparation to do auto-unlock without the unlock RPC, we extract the relevant part into its own method in the unlocker service.
In automated or unattended setups such as cluster/container environments, unlocking the wallet through RPC presents a set of challenges. Usually the password is present as a file somewhere in the container already anyway so we might also just read it from there.
To give users an idea of how the new auto-unlock flag can be used in a safer way than just writing the password to a file, we add a new wallet management document and describe the unlock feature in detail.
d48b9d0 to d13fb16
Rebased and added a new doc that describes the auto-unlock feature (among other things).
LGTM ☄️
Extracted 2 commits from #5150