-
Notifications
You must be signed in to change notification settings - Fork 734
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Removal of TESLA_USERNAME and TESLA_PASSWORD from Environment Variables #58
Comments
Looks like docker has some built in secrets manager, but I think there will need to be code changes to actually read from the file system (as they are stored in files |
As far as I know, secrets are only available when using a docker swarm.
What I've done is use the
While I still don't like the idea of my password being in plaintext, that's the best I've come up with. I think another option would be to add some logic into the |
Secret usage was added in docker-compose without swarm as of 1.11 (by using bind mounting) |
Very cool. I think that would be the way to go. Not having to pick just one external secret storage provider or support multiple would definitely be ideal. |
What about expanding the web interface a bit to support adding accounts to TeslaMate? The username and password could then be stored in PostgreSQL or something like that. |
Oh, I like that idea a lot. Postgres should be able to store encrypted password I would think. |
Theoretically it wouldn't even be necessary to store the credentials. They are only required once to obtain the auth token from the Tesla API. The token would then go into the database. I think adding a login view to the web interface is a great idea. |
From what I understand, the auth token's do expire (90 days?). I haven't updated yet, but when they do expire, how will new auth tokens get generated? |
There are two kinds of tokens: access and refresh. At application startup and before the access token expires the refresh token is used to request a new pair of tokens. |
Can we brainstorm some ways we can remove TESLA_USERNAME and TESLA_PASSWORD from Environment Variables? These are visible from the container settings and I don't like my password sitting out in the open.
Some sort of secrets manager or an endpoint that you can call that sets the credentials and starts the API after being called.
The text was updated successfully, but these errors were encountered: