From a3d660201a74341fd03ec100e7761e3350959a26 Mon Sep 17 00:00:00 2001
From: David Thurstenson <thurstylark@gmail.com>
Date: Fri, 27 May 2022 12:23:17 -0500
Subject: [PATCH] Added notes about how weechat secured data works, and how to
 unlock on startup

---
 README.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/README.md b/README.md
index 1c4bf64..4e45fd1 100644
--- a/README.md
+++ b/README.md
@@ -20,3 +20,22 @@ These Secrets should be set up on first start for the init to work properly
 - tl-weechat-ztnetaddr
 - tl-weechat-pass
 - tl-weechat-authorizedkeys
+
+# Notes
+
+## Weechat Secured Data
+
+Ref: https://weechat.org/files/doc/stable/weechat_user.en.html#secured_data
+
+One of my goals for this setup is to get my weechat configs into a state where I can host them publicly. That means removing or obscuring all sensetive information from the conf files, at least in plain-text.
+
+
+### Unlock on startup
+
+By default, weechat waits for user input on startup to gather the Secured Data passphrase before doing anything else. [This step can be skipped by setting sec.crypt.passphrase_command](https://weechat.org/files/doc/stable/weechat_user.en.html#secured_data_passphrase_on_startup).
+
+Because we have set up a container secret for this passphrase already, all we really need to do is read its contents...
+
+````
+/set sec.crypt.passphrase_command "/usr/bin/cat /run/secrets/tl-weechat-pass"
+````