Page 1 of 1
Allow an encrypted version of the token to be stored
Posted: Sat Apr 27, 2024 8:36 pm
by Daholli
On linux currently, both when using a headless server and when using the normal client the token that the factorio uses is saved in plaintext in the config file.
It would be nice if we could specify an encryption and e.g. an ssh or an age key to encrypt the token with.
I am using NixOs and currently when setting up the server i have to decrypt my token to write it into the config and then have it on my system decrypted, which is ok, but not the preferred way
.
Looking forward to 2.0, you guys rock!
Best Holli
Re: Allow an encrypted version of the token to be stored
Posted: Sun Apr 28, 2024 8:27 pm
by Rseding91
So you want to enter a password to decrypt it every time you start the game?
Re: Allow an encrypted version of the token to be stored
Posted: Sun Apr 28, 2024 9:07 pm
by Illiander42
Looks like they want to store the game password in an encrypted file on the server host?
Re: Allow an encrypted version of the token to be stored
Posted: Sun Apr 28, 2024 10:11 pm
by Rseding91
If something is encrypted someone needs to provide a key to decrypt it. That just sounds like “don’t keep me signed in” with extra steps.
Re: Allow an encrypted version of the token to be stored
Posted: Mon Apr 29, 2024 8:28 am
by Illiander42
I work on servers with service accounts that automagically decrypt everything so much that I had honestly forgotten that.
You just get used to storing everything encrypted, and trusting the service account to have the keys and sort it out for you.
Of course, then when you get it it's already been automagically decrypted...
---
Yeah, this is making less and less sense.
Re: Allow an encrypted version of the token to be stored
Posted: Wed May 01, 2024 12:09 am
by Daholli
Rseding91 wrote: Sun Apr 28, 2024 8:27 pm
So you want to enter a password to decrypt it every time you start the game?
I thought about it some more, and i think generally having the token is probably ok, I just really came across this problem, because I both wanted my configuration publicly available and declaratively saved in the config, which basically had me running into the encryption issue.
Currently I just have an age key that is used to decrypt the token everytime it is being built, but then the token still ends up in plain text somewhere.
I dont really have a solution at the top of my head, unless you are using a hardware key you would end up having to put a password in or having the private key on the system, which would put you back to square one.
So generally my idea, which sounded much better in my head 2 days ago isnt that great