bee
bee copied to clipboard
Auto generate `token-encryption-key` if not specified
Summary
If --token-encryption-key
is not specified for the --restricted
mode then Bee should auto-generate a random key and save it to config.
Motivation
From the explanation from @notanatol I understand that the token-encryption-key
is there to enable to have compatible tokens across multiple Bee instances that share the same encryption key. This is a valid feature, but IMHO something that most the users won't utilize, but it is currently required from them to configure this flag (according to the Docs ) which is something that might be quite confusing to why it should be configured.
Also, @notanatol explained to me that it is possible not to configure this flag, but then an empty string is used and hence the tokens would be "compatible" with other nodes that also have empty strings, which would open quite a simple attack surface as there is a high chance that users would not configure this properly.
Implementation
- If the
token-encryption-key
flag/option is not specified and not present in the config, then it should be auto-generated and saved to config. - If the flag
--token-encryption-key
is specified and there is also a config value, then the flag should have priority over the config value
Drawbacks
Maybe mutation of config? Not sure if you do it for something else.