
Allow Database Passwords to be pulled from File

Open Markil3 opened this issue 7 months ago • 4 comments

Is your feature request related to a problem? Please describe.

At the moment, the "MySqlPassword" and "PostgresPassword" fields in the configuration accept a plain-text password. This is not the most ideal security, since most of the configuration files don't need anywhere near the security that passwords do. Most of the configuration would be useful to check into version control systems and the like, but this is currently not wise as long as database credentials are also stored here.

Describe the solution you'd like

I would suggest an alternate mode for the "MySqlPassword" and "PostgresPassword" parameters that allows administrators to specify a file://<path> format, and the server would pull the data from the file referenced (i.e. file:///run/secrets/tshock-db.key).

Describe alternatives you've considered

Treating the entire configuration file as a secret. This is not ideal for reasons outlined above.

May 28 '25 18:05 Markil3

Hi there! Treating this issue from both MySQL and Postgres, this solution is indeed far from ideal, being an "all-or-nothing" security toggle.

My recommendations would be the following:

  • Create a config.local.json, the contents of which would override those in settings.json, and could then be specifically excluded from VCS via a .gitignore or such.
  • Allow using environment variables as config. This solution looks especially appealing for cases using Systemd or Docker for svctl.
  • Harden security further using a certificate-based auth (the cert being loaded from an external file), which would be supported via connection strings, when PR #3105 eventually gets merged.

These are a few ideas off the top of my head, on which I'd love some feedback from @hakusaro and @QuiCM :)

May 29 '25 09:05 SakuraIsayeki

> Allow using environment variables as config

This is the preferred solution for those who want alternative database settings imho.

May 29 '25 09:05 hakusaro

My main reason to suggest the file is due to how some build environments like Docker will put their secrets into a virtual file within the container. That said, I think there is room for both environmental variables and files. As an example, the Authentik project uses "env://" and "file://" prefixes as alternatives for its configurations.

May 29 '25 14:05 Markil3
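
The prefix scheme discussed in this thread, sketched as an added example in C# (not TShock code and not part of any comment here): a resolver that treats a password field as a literal unless it starts with "file://" or "env://". The names SecretRef, Resolve and TSHOCK_DB_PASSWORD are hypothetical, and the temp file is a constructed stand-in for a mounted secret such as /run/secrets/tshock-db.key.

```csharp
using System;
using System.IO;

// Added illustration; SecretRef and Resolve are hypothetical names, not TShock API.
public static class SecretRef
{
    private const string FilePrefix = "file://";
    private const string EnvPrefix = "env://";
    // Plain values pass through, so configs holding a literal password keep working.
    public static string Resolve(string configValue)
    {
        if (string.IsNullOrEmpty(configValue))
            return configValue;

        if (configValue.StartsWith(EnvPrefix, StringComparison.Ordinal))
        {
            string name = configValue.Substring(EnvPrefix.Length);
            var value = Environment.GetEnvironmentVariable(name);
            if (value == null)
                throw new InvalidOperationException($"Environment variable '{name}' is not set.");
            return value;
        }

        if (configValue.StartsWith(FilePrefix, StringComparison.Ordinal))
        {
            // file:///run/secrets/tshock-db.key -> /run/secrets/tshock-db.key
            string path = configValue.Substring(FilePrefix.Length);
            if (!Path.IsPathRooted(path))
                throw new InvalidOperationException("Secret file path must be absolute.");
            // Secret files usually end with a newline that is not part of the password.
            return File.ReadAllText(path).TrimEnd('\r', '\n');
        }
        return configValue;
    }
}
public static class Demo
{
    public static void Main()
    {
        // Constructed inputs: a temp file stands in for a mounted secret.
        string path = Path.GetTempFileName();
        File.WriteAllText(path, "from-file\n");
        Environment.SetEnvironmentVariable("TSHOCK_DB_PASSWORD", "from-env"); // hypothetical name
        Console.WriteLine(SecretRef.Resolve("file://" + path) == "from-file");
        Console.WriteLine(SecretRef.Resolve("env://TSHOCK_DB_PASSWORD") == "from-env");
        Console.WriteLine(SecretRef.Resolve("literal-password") == "literal-password");
        File.Delete(path);
    }
}
```

Because unprefixed values pass through unchanged, a password that itself begins with "file://" or "env://" could no longer be written literally under this scheme.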

In my opinion you should be able to pass a parameter: --config key val

Jul 29 '25 09:07 zyrafaq