Open pickaxe828 opened 1 month ago
Thank you for opening the issue! This is a designed behaviour, but it is indeed confusable.
The passphrase for Valut End-to-End Encryption is different from the passphrase for the configuration URI. This is to change the E2EE passphrase and CouchDB password in the event of unexpected exposure of the configuration URI or its passphrase.
Therefore, I have planned to use a volatile one instead of welcome
at first. However, after a short thought, I changed my mind; this might confuse people more. Then I came up with a simple one, but I think we have a more confusable as a result. This is the current status.
Now I have two plans.
setupuri_passphrase
for the Setup URI.
A. If not supplied, welcome
is used. (Current behaviour).
B. If not supplied, a random one will be used and displayed only once. (The original design).I would love to hear your views on whether option A or B is preferable!
Tho the uri passphrase might not be as important, imho, it's always better to be secure. I think B is a better choice, as it is more secure than a same uri passphrase for everyone who didn't set a value for it. And B is actually quite intuitive for me 😆
Thank you for your suggestion! I am so happy to implement it and make it better! Would you mind if I ask you to check the behaviour, please?
Abstract
Passphrase unable to be set using the
obsidian-livesync/main/utils/flyio/generate_setupuri.ts
script. Instead,welcome
is being used instead for the passphrase. Procedures from docs/setup_own_server.mdExpected behaviour
export passphrase=your_own_passphrase
Actually happened
welcome
no matter what you've set. (The problem is in this line, where it should pass the environment varpassphrase
instead of "welcome" into theecrypt()
function)Reproducing procedure
export passphrase=your_own_passphrase
Couldn't parse or decrypt configuration uri.
in the log of LiveSync (Show log)Same problem
After I wrote this issue, I find this problem being mentioned in #350, with same finding in this comment