Added notes about how weechat secured data works, and how to unlock on startup
This commit is contained in:
parent
538e492277
commit
a3d660201a
19
README.md
19
README.md
|
|
@ -20,3 +20,22 @@ These Secrets should be set up on first start for the init to work properly
|
||||||
- tl-weechat-ztnetaddr
|
- tl-weechat-ztnetaddr
|
||||||
- tl-weechat-pass
|
- tl-weechat-pass
|
||||||
- tl-weechat-authorizedkeys
|
- tl-weechat-authorizedkeys
|
||||||
|
|
||||||
|
# Notes
|
||||||
|
|
||||||
|
## Weechat Secured Data
|
||||||
|
|
||||||
|
Ref: https://weechat.org/files/doc/stable/weechat_user.en.html#secured_data
|
||||||
|
|
||||||
|
One of my goals for this setup is to get my weechat configs into a state where I can host them publicly. That means removing or obscuring all sensetive information from the conf files, at least in plain-text.
|
||||||
|
|
||||||
|
|
||||||
|
### Unlock on startup
|
||||||
|
|
||||||
|
By default, weechat waits for user input on startup to gather the Secured Data passphrase before doing anything else. [This step can be skipped by setting sec.crypt.passphrase_command](https://weechat.org/files/doc/stable/weechat_user.en.html#secured_data_passphrase_on_startup).
|
||||||
|
|
||||||
|
Because we have set up a container secret for this passphrase already, all we really need to do is read its contents...
|
||||||
|
|
||||||
|
````
|
||||||
|
/set sec.crypt.passphrase_command "/usr/bin/cat /run/secrets/tl-weechat-pass"
|
||||||
|
````
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue