Allow cookie to be set via CLI flag or ENV var #189
Comments
|
Opened a PR for your convenience if you're open to this: #190 |
|
@Kixunil (the author of configure_me) |
|
The reasoning is good (also possibly useful with I'd really like to help you without introducing footguns for other people, so I have some other ideas. Is this very important to you or you can live with the config file, at least for a while? I wonder, do you set everything else on command line or everything is default except for the cookie? Would #176 solve your issue better? ( BTW, I've heard some negative information about Docker security from several independent sources, so you might want to avoid relying on its isolation. |
This is the only config file that's required for my whole full node + electrum + tor + explorer setup. Everything else is configured purely inside my I feel like that is the preferred Docker approach to configuration, but I understand this could be potentially dangerous to non Docker users so you might not want to accept it. #176 wouldn't help in this regard as it's still file based. I like the idea of allowing this behaviour but giving a warning to prevent accidental usage when it may be unsafe. I think Then running again with And same for the Thoughts? |
|
OK. The way When I was writing One alternative trick would be to require the cookie at the end preceded with a parameter without
But that's quite ugly trick. OTOH, I think argument renaming might not be too hard. Or maybe I could limit it to env var renaming, which might be even easier. |
|
Yeah you should definitely do whatever you feel is best in a more general sense for |
|
Actually now I think about it, #176 could be a nice solution! I could have a shared volume for the bitcoind data dir between the bitcoind and electrs containers and then point electrs to the cookie file in the shared volume. |
|
Awesome! I prefer that solution much more, because it solves the issue for other people too. I feel like doing some Open Source stuff now, so I'm going to look at it. :) |
This change allows the user to specify a custom cookie file, which is then used instead of `~/.bitcoin/.cookie`. This resolves situations when the user wants to have the cookie file in non-standard path. Aside from that, the code now pre-computes the default path, improving the performance by avoiding allocation (and copying). Unfortunately, due to limitations of Rust, the code doesn't print out cookie configuration anymore. This however might be safer, since the cookie isn't printed, and thus doesn't end up in some readable logs by accident. Closes romanz#176 Closes romanz#189
|
See the referenced PR. :) |
This good practise in general, however there are some scenarios where it may be useful to allow setting cookie via CLI flag or ENV var where it's not a security concern.
For example, in an isolated Docker network I just use the credentials
rpcuser:rpcpassword. It's easy set between different containers and the RPC port isn't even accessible by the host, it's only internal to the Docker network.To get this working with electrs I need to create a config file purely to set the cookie which is awkward. It would be great if I could just add
ELECTRS_COOKIE=rpcuser:rpcpasswordto mydocker-compose.yml.Are you open to allowing this?
The text was updated successfully, but these errors were encountered: