Auto-unlock wallet from password file #5256

Merged
merged 3 commits into from May 12, 2021

@guggero (Collaborator) commented Apr 28, 2021

Extracted 2 commits from #5150

In automated or unattended setups such as cluster/container
environments, unlocking the wallet through RPC presents a set of
challenges. Usually the password is present as a file somewhere in the
container already anyway so we might also just read it from there.

@guggero guggero added this to the 0.13.0 milestone Apr 28, 2021
@guggero guggero added this to In progress in v0.13.0-beta via automation Apr 28, 2021
@guggero guggero added the safety and wallet labels Apr 28, 2021

@githorray (Contributor)

Will there be a default file that lnd will look for on startup?

@guggero (Collaborator, Author) commented Apr 28, 2021

No, this is purely opt-in. If the flag/config option isn't specified lnd will fall back to its existing behavior (wallet creation and unlock through RPC).

@cfromknecht (Contributor) left a comment

Nice feature! :)

@cfromknecht (Contributor) left a comment

LGTM 🎉

@guggero guggero moved this from In progress to Review in progress in v0.13.0-beta May 5, 2021
@Roasbeef (Member) left a comment

On board with the idea at a high-level, I think the only thing missing here is some added documentation to demonstrate how the file would be created in practice, and walk a user through the process when creating a node for the very first time. However maybe this is more of a thing for docs.lightning.engineering?

LGTM 🎄

lnd.go Outdated
@@ -324,6 +327,14 @@ func Main(cfg *Config, lisCfg ListenerCfg, interceptor signal.Interceptor) error
return err
}

// If we're started in auto unlock mode, then a wallet _must_ already
// exist because we never want to enable the RPC unlocker in that case.
if cfg.WalletUnlockPasswordFile != "" && !walletExists {
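
Review bot: The branch opened on the last line (`cfg.WalletUnlockPasswordFile` set while `!walletExists`) is what a first-time user hits when the option is configured before any wallet has been created, and its body is not visible here, so the error it returns should name the option and say that the wallet has to be created once before auto-unlock can be used. The condition also only tests that the option is non-empty; if the path is not validated elsewhere, checking at this point that the file exists and is readable would make a mistyped path fail at startup next to this check. The comment above the branch states the invariant but not the reason the RPC unlocker must stay disabled in this mode, which is worth one more sentence.
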
Member

So with this users will need to do the normal RPC init once, write that output to a file (in the expected format), then restart again and set the password unlock file?

Collaborator Author

Yes, for now. With #5150 the wallet DB could be created outside of lnd prior to it being started (using lndinit). I described the process in a new doc. We can extend that doc if we decide to implement lndinit.

v0.13.0-beta automation moved this from Review in progress to Reviewer approved May 6, 2021
As a preparation to do auto-unlock without the unlock RPC, we extract
the relevant part into its own method in the unlocker service.

In automated or unattended setups such as cluster/container
environments, unlocking the wallet through RPC presents a set of
challenges. Usually the password is present as a file somewhere in the
container already anyway so we might also just read it from there.

To give users an idea how the new auto-unlock flag can be used in a more
safe way than just writing the password to a file, we add a new wallet
management document and describe the unlock feature in detail.

@guggero (Collaborator, Author) commented May 6, 2021

Rebased and added a new doc that describes the auto-unlock feature (among other things).

@guggero guggero requested a review from Roasbeef May 6, 2021 10:29
@Roasbeef (Member) left a comment

LGTM ☄️

@Roasbeef Roasbeef merged commit 9373008 into lightningnetwork:master May 12, 2021
v0.13.0-beta automation moved this from Reviewer approved to Done May 12, 2021
@guggero guggero deleted the wallet-unlock-file branch May 13, 2021 18:39