Settings Encryption
The app uses work_dir/config/encrypted_settings.ini to store all global app settings. This file is generated from work_dir/config/settings.ini upon the app's first execution. The only difference between encrypted_settings.ini and settings.ini is that some sections of the plaintext settings.ini get encrypted when encrypted_settings.ini is generated.
What gets encrypted:
- [app]: secret_key, smtp_password
- [postgresql]: password, ro_password
- [dropbox]: app_secret, app_key
- [oura]: client_id, client_secret
- [strava]: client_id, client_secret
- [anticaptcha]: api_key
By default, the original plaintext settings.ini is automatically deleted when the application starts for the first time. If you want to preserve the plaintext .ini file beyond the first execution for testing, you can disable the automatic deletion by commenting out lines 55,56 in web_app_loader_flask.py if using the Flask web server, or lines 57,58 in web_app_loader_apache.py if using Apache.
    54 #Delete the plaintext .ini file. Can be commented out for testing (Not recommended for production).
    55 print('Deleting plaintext .ini file...')
    56 os.unlink(plaintext_ini_file)
The script that does the encryption, encrypt_in_file.py, is called automatically when the app (web_app_loader_flask.py or web_app_loader_apache.py) is started for the first time, or it can be executed beforehand by running it manually. It must be executed with the same password argument that will later be used for the app.
If it needs to be re-run (e.g. passphrase change etc.) and settings.ini has been deleted, simply rename encrypted_settings.ini back to settings.ini, replace all encrypted sections with the plain text, and restart the application or run encrypt_in_file.py manually, providing the correct passphrase. Alternatively, if you only need or want to encrypt individual strings and paste them into the .ini file, or just want to test the process, you can do so by executing encrypt_test.py with the string that you want to encrypt and the encryption passphrase as the arguments.
Sample settings.ini (un-encrypted) file. Bold sections are required, everything else is optional:
    [app]
    secret_key = 24563jjd55639ndgdg568dngtsmnt4
    send_emails = true
    smtp_user = [email protected]
    smtp_password = dsgt5569nsfnhsg
    smtp_default_sender = [email protected]
    admin_email = [email protected]
    smtp_server = smtp.mail.com
    smtp_server_port = 465

    [postgresql]
    host = localhost
    database = postgres
    user = postgres
    password = postgres
    sample_db_host = localhost
    sample_db_port =
    sample_db = sample_db
    ro_user = public_ro
    ro_password = public_ro

    [path]
    logs_dir = /usr/src/athletedataapp/work_dir/logs/
    pid_file_dir = /usr/src/athletedataapp/work_dir/temp/
    download_dir = /usr/src/athletedataapp/work_dir/data
    temp_file_path = /usr/src/athletedataapp/work_dir/temp/.temp.txt

    [autosynch]
    interval = 43200

    [crypto]
    salt_size = 16
    number_of_iterations = 2000
    aes_multiple = 16

    [dropbox]
    integrated_with_dropbox = true
    app_key = 554jnfk679f
    app_secret = 54jmdh69dn0
    redirect_uri = http://127.0.0.1:5000/dropbox_confirm

    [oura]
    oura_client_id = 4HNF6DMJ8S5
    oura_client_secret = 6EDJHND7KSWNYR509RJNRHN
    oura_auth_url = https://cloud.ouraring.com/oauth/authorize
    oura_token_url = https://api.ouraring.com/oauth/token

    [strava]
    strava_client_id = 12345
    strava_client_secret = dgn5683hjbnfhgtdnb57892nbgd6nnd
    strava_auth_url = https://www.strava.com/oauth/authorize
    strava_token_url = https://www.strava.com/oauth/token
    strava_redirect_uri = http://127.0.0.1:5000/strava_confirm

    [anticaptcha]
    api_key = 3678fhbdggy58hnw5

    [superset]
    superset = true
    url = http://127.0.0.1:8088/

    [pgweb]
    pgweb = true
    url_smpl = http://127.0.0.1:8081/
    url_usr = http://127.0.0.1:8081/

    [archive]
    preserve_files = false
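When the automatic deletion is commented out for testing, a leftover settings.ini keeps every secret in the clear next to encrypted_settings.ini. The following audit is an added example, not part of the project's code: it reports which of the keys listed under "What gets encrypted" are still set in a leftover settings.ini, and which of them carry the same value in encrypted_settings.ini. The function names are hypothetical, the suffix matching is an assumption based on the prefixed key names in the sample file, and the demo files are constructed.

```python
import configparser
import os
import tempfile

# Sections and keys the page lists under "What gets encrypted".
SENSITIVE = {
    "app": ["secret_key", "smtp_password"],
    "postgresql": ["password", "ro_password"],
    "dropbox": ["app_secret", "app_key"],
    "oura": ["client_id", "client_secret"],
    "strava": ["client_id", "client_secret"],
    "anticaptcha": ["api_key"],
}

def load_ini(path):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read(path)
    return cp

def sensitive_items(cp):
    """Yield (section, key, value) for each sensitive key that is set."""
    for section, names in SENSITIVE.items():
        if cp.has_section(section):
            for key, value in cp.items(section):
                # Assumption: sample keys carry prefixes (oura_client_id); match suffixes too.
                if value and any(key == n or key.endswith("_" + n) for n in names):
                    yield section, key, value

def audit_config_dir(config_dir):
    plain_path = os.path.join(config_dir, "settings.ini")
    enc_path = os.path.join(config_dir, "encrypted_settings.ini")
    if not os.path.exists(plain_path):
        return []  # plaintext already deleted, nothing to compare
    enc = load_ini(enc_path) if os.path.exists(enc_path) else None
    findings = []
    for section, key, value in sensitive_items(load_ini(plain_path)):
        findings.append(f"settings.ini still holds [{section}] {key}")
        if enc is not None and enc.get(section, key, fallback=None) == value:
            findings.append(f"[{section}] {key} unchanged in encrypted_settings.ini")
    return findings

def demo():
    """Audit constructed sample files; every value here is made up."""
    body = "[app]\nsecret_key = {}\nsend_emails = true\n[oura]\noura_client_id = sample-id\n"
    files = {"settings.ini": "sample-key", "encrypted_settings.ini": "SAMPLE-CIPHERTEXT"}
    with tempfile.TemporaryDirectory() as d:
        for name, key in files.items():
            with open(os.path.join(d, name), "w") as f:
                f.write(body.format(key))
        return audit_config_dir(d)
```

Point `audit_config_dir` at work_dir/config; an empty list means no plaintext settings.ini was found, or it holds none of the listed keys.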