Secure authentication #89

Closed
torkelrogstad opened this issue Jul 16, 2020 · 6 comments

Comments

@torkelrogstad
Contributor

I've been looking into using Thunderhub to manage my node, but it seems a bit lacking authentication-wise. The current setup requires me to hardcode a password value in the yaml file, which is not good. Is it possible to avoid this, or do you have any thoughts on how to improve this?

Some solutions that I think would improve the current setup:

  1. Provide password through a CLI flag
  2. Provide password through environment variable
  3. Allow environment variables in the yaml file

I'm happy to code up a solution if we can agree on a way of doing this.

@apotdevin
Owner

Aha! Question is just on time. Check out version 0.8.12. It will hash any passwords it sees in the yaml file so no cleartext passwords there.

@torkelrogstad
Contributor Author

By glancing at the source code it looks like this is done by overwriting the config file we passed, right? Perhaps I'm missing something, but wouldn't it be better if the config file contained nothing sensitive, so that it could be committed to source control?

My desired flow is basically this:

  1. Have all my config for LN node management in a repo
  2. On the server where everything is running, pull down that repo
  3. Start the services with appropriate environment variables/cli flags

From this perspective, there's a couple of unfortunate effects of the current approach:

  1. The config file the user passes in is overwritten. I generally don't expect software to write to its own source/config files while it's running
  2. I can't check in the config file to git

@apotdevin
Owner

apotdevin commented Jul 16, 2020

Correct, the file is overwritten with the hashed passwords on the first call to the server if it sees cleartext passwords.

hmm, couple of questions:

  1. Would it be an option to check in the file after it's been hashed? This way it wouldn't be overwritten on the next server start. You could also hash the passwords with bcrypt and append thunderhub- in the front and thunderhub won't overwrite it at any point.
  2. Maybe something like a masterMasterPassword that you can set as an env variable that would replace any account password that appears in the yaml? This way there's no need to have the password in this file but would still need to be passed as cleartext through env vars.

@torkelrogstad
Contributor Author

Hashing first could work. In that case I'd suggest to add documentation and possibly also helper scripts for encrypting/decrypting. Similar to rpcauth.py in Bitcoin Core

@apotdevin
Owner

Good idea, can do that 👍

@apotdevin
Owner

Followed on #91
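
Option 3 from the opening comment (environment variables in the yaml file), sketched as an added example that is not ThunderHub's code and not part of this thread. The `${NAME}` placeholder syntax, the function name `expandEnv`, and the YAML keys in the constructed sample are all assumptions for illustration.

```javascript
// Added example: expand ${NAME} placeholders in config text at load time.
// Placeholder syntax and YAML keys are assumptions, not ThunderHub's schema.

const PLACEHOLDER = /\$\{([A-Za-z_][A-Za-z0-9_]*)\}/g;

// Constructed sample config: nothing sensitive, so it can be committed.
const SAMPLE_CONFIG = [
  'accounts:',
  '  - name: node1',
  '    password: ${TH_NODE1_PASSWORD}',
].join('\n');

/**
 * Returns the config text with every ${NAME} replaced by env[NAME].
 * - The file on disk is never written back; expansion is in memory only.
 * - Fails closed: an unset or empty variable throws, so a missing secret
 *   cannot become an empty or literal "${...}" password.
 * - Each value is emitted as a JSON string, which is also a valid YAML
 *   double-quoted scalar, so quotes or newlines inside a secret cannot
 *   inject extra keys into the parsed document.
 */
function expandEnv(configText, env = process.env) {
  const missing = new Set();
  const expanded = configText.replace(PLACEHOLDER, (match, name) => {
    const value = env[name];
    if (value === undefined || value === '') {
      missing.add(name);
      return match;
    }
    return JSON.stringify(value);
  });
  if (missing.size > 0) {
    // Report variable names only, never values.
    throw new Error(`unset environment variables: ${[...missing].join(', ')}`);
  }
  return expanded;
}

// Demonstration with a constructed value.
console.log(expandEnv(SAMPLE_CONFIG, { TH_NODE1_PASSWORD: 'constructed-example' }));
```

The expanded text is what gets handed to the YAML parser; the placeholder must appear unquoted in the file because the quoting is added during expansion.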
