Is keeping the same onion url on the wish list?

[Leopere]

Also is an onion version 2 coming? Version one isn’t really safe anymore.

[cmars]

I released support for persistent onion addresses in v0.2.0 -- see releases. You use an @ to alias it. There's an example now in the README (the @my-app and @minecraft ones). In v0.3.0 I added a subcommand that lets you manage the service keys (oniongrok service --help for details).

In order for addresses to be persistent, oniongrok has to keep track of the services' private keys. For now, they're stored in a mode 600 file, ~/.local/share/oniongrok by default, which you can change using the --secrets flag. I'm not super thrilled with this arrangement tbh.

I have a really strong aversion to any sort of private keys on my filesystem. I'd like to find a way to have onion keys stored in a hardware device. There are many that can do ed25519 now. A YubiKey could do it. Or maybe a Trezor? What if an eth address was also an onion? 🤯 This is an area of research, which might get me into Tor's internals. Should be fun!

oniongrok only uses v3 onion services. v2 are insecure and Tor doesn't even support them anymore, they're past sunset.

I'm going to mark this closed as I think it addresses your question & concern.

[Leopere]

Even a simple recommendation to store it in a “ram disk” is some degree reasonable. However if the box is owned and you’re storing this key on the machine anywhere memory or otherwise you’re somewhat likely to assume that everything is done and dusted anyways.