README
¶
TB API Password Configuration Guide
Security & Concepts
1. Security & Usability
- Protection: Plaintext passwords must not be exposed in public repositories (e.g., GitHub upstream), even for development. Storing them as bcrypt hashes eliminates this risk.
- User Experience: Users can use plaintext passwords naturally when making API calls.
2. Implementation Requirements
- Secure Transmission: Since the API receives plaintext passwords, End-to-End Encryption (e.g., HTTPS) is mandatory to ensure secure delivery.
- Special Character Handling: Bcrypt hashes contain special characters (e.g.,
$). These must be escaped differently depending on the configuration format.- See the Configuring the Password section for examples (e.g.,
$$indocker-compose).
- See the Configuring the Password section for examples (e.g.,
Generating Password Hash
-
From the CB-Tumblebug root directory, generate a bcrypt hash of your password using:
make bcrypt PASSWORD=yourpassword -
Copy the generated hash value.
Configuring the Password
Using Docker Compose
- Open
docker-compose.yamland update theTB_API_PASSWORDenvironment variable with ($$):environment: - TB_API_PASSWORD=$$2a$$10$$4PKzCuJ6fPYsbCF.HR//ieLjaCzBAdwORchx62F2JRXQsuR3d9T0q
Using Environment File
- If you're using
setup.env, update the password hash:TB_API_PASSWORD='$2a$10$4PKzCuJ6fPYsbCF.HR//ieLjaCzBAdwORchx62F2JRXQsuR3d9T0q'
Using Dockerfile
- If you're building directly with Dockerfile, update the environment variable with (' '):
ENV TB_API_PASSWORD='$2a$10$4PKzCuJ6fPYsbCF.HR//ieLjaCzBAdwORchx62F2JRXQsuR3d9T0q'
Notes
- Always keep your password hash secure
- Never commit the actual password or hash to version control
- The hash should be properly escaped if it contains special characters
Documentation
¶
There is no documentation for this package.
Source Files
Click to show internal directories.
Click to hide internal directories.