Support specifying rpcpassword by file #10071

1. 
   basvandijk commented at 5:28 pm on March 24, 2017: none

   Original issue: https://github.com/namecoin/namecoin-core/issues/148.

   Currently the rpcpassword must be specified in the configuration file. On some systems (for example in NixOS) configuration files are stored in world-readable locations. It’s a bad idea to store secrets in world-readable locations.

   To better support these systems it would be nice if there was a rpcpasswordFile configuration parameter. Users can then keep the configuration file in a world-readable location but set rpcpasswordFile to a file with restricted ownership and permissions.

2. 
   laanwj commented at 8:33 am on March 25, 2017: member

   Another (more general) approach, also used in many other daemons, would be to support include statements in configuration files, this would allow including any options from other places besides the main configuration file not just the password.

   BTW rpcpassword is deprecated. If you use the newer rpcauth mechanism (introduced in #7044, first in 0.12.0) you can use hashed passwords in the configuration file. This is not a workaround for storing secrets in world-readable locations but makes it non-trivial to recover the cleartext password given access to the configuration file.

3. laanwj added the label RPC/REST/ZMQ on Mar 25, 2017
4. laanwj added the label Feature on Mar 25, 2017
5. kallewoof referenced this in commit 60d663ff8f on Apr 24, 2017
6. kallewoof referenced this in commit 26be3f7925 on Apr 24, 2017
7. kallewoof referenced this in commit dcd7b06dd2 on Apr 24, 2017
8. kallewoof referenced this in commit 2befe68f8a on Apr 25, 2017
9. kallewoof referenced this in commit b2c56e1ae2 on Apr 25, 2017
10. kallewoof referenced this in commit 04780777a2 on Apr 25, 2017
11. kallewoof referenced this in commit dd6654c465 on Apr 25, 2017
12. kallewoof referenced this in commit e24da005cd on May 2, 2017
13. kallewoof referenced this in commit 284eb4d6c8 on May 2, 2017
14. 
    kallewoof commented at 2:05 am on May 2, 2017: member

    Sorry for the spam. Every time I rebase that commit it pings this thread. Wish Github was more intelligent in that regard.
15. 
    jnewbery commented at 8:55 pm on May 2, 2017: member

    @kallewoof - reword the commit message to remove the issue #.

    Arguably, commit messages shouldn’t contain references to issues, which are a github concept - the git repository should stand alone.

16. 
    laanwj commented at 9:51 am on May 3, 2017: member

    Arguably, commit messages shouldn’t contain references to issues, which are a github concept - the git repository should stand alone.

    In a purely ontological sense you are right, but in practice I disagree: I really like to see issue IDs while looking back (though leaving out the # is of course fine) because they allow me to look up the context of something and the discussion around it.

    Sorry for the spam. Every time I rebase that commit it pings this thread. Wish Github was more intelligent in that regard.

    Yes would be useful if it garbage-collected notifications from no-longer-referenced commits.

17. kallewoof referenced this in commit ee30fb4ef6 on May 8, 2017
18. kallewoof referenced this in commit ff6d14ea3d on May 8, 2017
19. 
    kallewoof commented at 1:43 am on May 9, 2017: member

    In a purely ontological sense you are right, but in practice I disagree: I really like to see issue IDs while looking back (though leaving out the # is of course fine) because they allow me to look up the context of something and the discussion around it.

    If I’m not mistaken, referencing an issue in a commit as “fixes <issue#>” will actually auto-close the issue when the PR is merged. That’s also handy, I guess.

20. kallewoof referenced this in commit 4fbe913cc6 on May 16, 2017
21. kallewoof referenced this in commit 2c564bd429 on May 16, 2017
22. kallewoof referenced this in commit 0e3b23128a on Jun 1, 2017
23. kallewoof referenced this in commit 7a062e7f08 on Jun 1, 2017
24. kallewoof referenced this in commit 10d84bdf47 on Jun 15, 2017
25. kallewoof referenced this in commit 2cda1f9e60 on Jun 15, 2017
26. kallewoof referenced this in commit f211e66556 on Jul 14, 2017
27. kallewoof referenced this in commit d28a638605 on Jul 14, 2017
28. jnewbery referenced this in commit f847e34549 on Aug 14, 2017
29. jnewbery referenced this in commit d61f4f8757 on Aug 14, 2017
30. kallewoof referenced this in commit bad3811e72 on Aug 15, 2017
31. kallewoof referenced this in commit dafcccc5f8 on Aug 16, 2017
32. kallewoof referenced this in commit da3c426047 on Aug 16, 2017
33. kallewoof referenced this in commit bc3fc2907a on Sep 28, 2017
34. kallewoof referenced this in commit bf966acd94 on Oct 11, 2017
35. kallewoof referenced this in commit fa1fbb49c8 on Nov 24, 2017
36. kallewoof referenced this in commit 2158b3fe35 on Dec 5, 2017
37. kallewoof referenced this in commit 9f85e2fd28 on Dec 12, 2017
38. kallewoof referenced this in commit 48b9bb18f2 on Jan 9, 2018
39. kallewoof referenced this in commit 9bcac390f2 on Jan 25, 2018
40. 
    meshcollider commented at 6:51 pm on March 6, 2018: contributor

    @kallewoof note that you can include it in the PR OP and not in the commit message and it will work fine without this spam ^ :)
41. jnewbery referenced this in commit 64e5d804f8 on Mar 20, 2018
42. laanwj referenced this in commit 7192b8fca3 on Apr 25, 2018
43. laanwj closed this on May 9, 2018

    ---

44. laanwj referenced this in commit 7b966d9e6e on May 9, 2018
45. UdjinM6 referenced this in commit aa4488898c on May 21, 2021
46. UdjinM6 referenced this in commit dc1830a2f0 on May 25, 2021
47. TheArbitrator referenced this in commit da56b72f34 on Jun 7, 2021
48. MarcoFalke locked this on Sep 8, 2021
49. gades referenced this in commit cc916da5a7 on Apr 30, 2022

Contributors
basvandijk laanwj kallewoof jnewbery meshcollider

Labels
Feature RPC/REST/ZMQ