Docker first time setup

[timrettop]

It'd be nice for the docker environment to run when the icloud user and pass are not in env and allow for setting up the config and authorizing interactively to store cookies, like a daemon waiting to receive the needed settings to run based on config.
I'm using it in a compose file and would rather not have my icloud password in .env.

[rhoopr]

Hey! v0.6.0 is coming soon with a big focus on credential management, auth hardening, and general stability/robustness work. What you're describing will be fully supported.

Recommended setup: Start the container with only your username, then store the password in the encrypted credential store:

environment:
  - ICLOUD_USERNAME=you@example.com

# One-time setup after first start:
docker exec -it kei kei credential set --username you@example.com

This will save your password AES-256-GCM encrypted in the /config volume. Future starts read it automatically — no env var needed.

2FA will work the same way — when a code is needed the container pauses (no restart loops) and you submit it externally:

docker exec -it kei kei submit-code 123456

Tip: set up a --notification-script so you get a Slack/push/etc. alert when a 2FA code is required, instead of having to watch the logs.

If you'd rather not use the credential store, there will be two other env-free options:

• Docker secrets — --password-file /run/secrets/icloud_password
• External secret manager — --password-command "op read 'op://vault/icloud/password'" (1Password, Vault, pass, etc.)

I'll update the Docker and Credentials wiki pages with the full walkthrough once it ships.