From d54ff4aabb9e6f8b39f056448dfe917c5ffb9edf Mon Sep 17 00:00:00 2001 From: Jonathan Cobb Date: Wed, 23 Sep 2020 06:14:13 -0400 Subject: [PATCH] update README to describe passing literal values in env vars --- README.md | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 9712138..df8e03c 100644 --- a/README.md +++ b/README.md 
@@ -37,18 +37,29 @@ If you want to build from source: # Installation There are a few steps to installation: * Generate the flex-router password - * Create an SSH key pair * Create an auth token file + * Create an SSH key pair * Install system service ## Generate the bubble-flexrouter password During installation, choose a password for the service. It should be random and at least 30 characters long. -Store this password in securely someplace where the Bubble app can read it. Ideally this is *not* on the filesystem, +Bcrypt the password (use 12 rounds). + +Store the plaintext (not bcrypted) password securely someplace where the Bubble app can read it. It will need +this password to register and unregister the router with the Bubble. Ideally this is *not* on the filesystem, but in some internal app storage mechanism, since it will be stored in plaintext. -Bcrypt the password (use 12 rounds) and store the bcrypted value in a file. This file should only be readable by -the bubble-flexrouter system service. +Store the bcrypted value securely somewhere someplace where only the bubble-flexrouter service can read it. +If you store the bcrypted value in a file, ensure that only the bubble-flexrouter service can read the file. + +## Create an auth token file +bubble-flexrouter uses an auth token to secure its connection to a Bubble. + +During installation, generate a random token. This token must be at least 50 characters long. + +Store the token securely somewhere someplace where only the bubble-flexrouter service can read it. +If you store the token in a file, ensure that only the bubble-flexrouter service can read the file. ## Create an SSH key pair During installation, generate an RSA key pair: 
@@ -60,12 +71,6 @@ In the above, `/some/secure/location` should be a path that is only readable by When this step is done, `/some/secure/location` should be the path to the SSH private key and `/some/secure/location.pub` should be the path to the SSH public key. -## Create an auth token file -bubble-flexrouter uses an auth token to secure its connection to a Bubble. - -During installation, write a random token to a file. This token must be at least 50 characters long. -After writing the file, ensure that it is only readable by the bubble-flexrouter service. - ## Install system service Install bubble-flexrouter as a system service (Windows Service or Mac OS launch daemon) during Bubble app installation. @@ -77,8 +82,8 @@ system routing table. This usually means Administrator (on Windows) or root (on The service requires some environment variables to be set: * `BUBBLE_FR_SSH_KEY` - full path to the *private* SSH key - * `BUBBLE_FR_PASS` - full path to the bcrypted password file - * `BUBBLE_FR_TOKEN` - full path to the auth token file + * `BUBBLE_FR_PASS` - full path to the bcrypted password file, or the actual bcrypted password prefixed with `@` + * `BUBBLE_FR_TOKEN` - full path to the auth token file, or the actual token prefixed with `@` Run the service with these environment variables set.
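Review bot: In the first hunk (@@ -37,18 +37,29 @@), the added sentences "Store the bcrypted value securely somewhere someplace where only the bubble-flexrouter service can read it." and "Store the token securely somewhere someplace where only the bubble-flexrouter service can read it." both carry a doubled word; drop "somewhere". The new order also puts "Bcrypt the password (use 12 rounds)." ahead of the paragraph about storing the plaintext, so a reader may take "the password" in the next sentence to mean the hash. Moving the Bcrypt step directly above "Store the bcrypted value ..." would keep the plaintext and the hashed value clearly apart. The password and the token are each described only as "random"; since both protect the service, the README should say they must come from a cryptographically secure random source.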
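Review bot: In the last hunk (@@ -77,8 +82,8 @@), the changed `BUBBLE_FR_PASS` and `BUBBLE_FR_TOKEN` bullets introduce the `@`-prefixed literal form without saying how that value is protected. The earlier sections require that only the bubble-flexrouter service can read the file, but with the literal form the secret lives wherever the environment variables are set (the Windows Service or launch daemon definition), so the same read restriction should be stated for that location. Two details are also worth documenting here: a bcrypted value contains `$` characters, which need quoting or escaping anywhere the variable is set through something that expands `$`, and the README does not say how a file path that itself begins with `@` is handled, or whether surrounding whitespace in the literal value is trimmed.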