cyxou/firefly-iii-telegram-bot

Docker container does not persist firefly credentials across restart

Closed this issue · 4 comments

I imagine the credentials are stored in memory, and then when the process stops the credentials are lost. This is behaviour we should avoid since restarting the container (e.g., when upgrading the image) should not interrupt the user's experience.

I see this is already on your todo list.

Add lowdb as local JSON database for persistence

cyxou commented

Hi @Koellewe, thank you for your feedback. Yep, the problem is annoying if you have to restart the bot too often. Though persistence via lowdb is the preferred solution to the problem, you could partially work around it by utilizing the .env file with all the required vars (see the https://github.com/cyxou/firefly-iii-telegram-bot/blob/master/.example.env file for an example). With all the env vars specified in the .env file, the bot will read those values upon each start and you won't have to go to Settings in order to set them.

Thanks for the tip. What are the security implications of pre-configuring the bot with access to my firefly instance? Will anyone on Telegram be able to access my instance through the bot?

cyxou commented

As long as you keep your Bot token safe, no one will access your bot.

If you are hosting your Firefly instance in the cloud, then potentially a cloud admin may somehow get access to the filesystem of your virtual machine and obtain your bot token. But having access to your VM, why would he need your Bot token if he already got access to your Firefly instance? )) On the other hand, if you are hosting Firefly on premise, then you should be good, as Bot tokens are kind of an industry standard, and if they were that easy to brute force, guess or compromise, I'd suppose Telegram engineers would already have taken care of the way bots get authenticated. So I think that Bot tokens are safe to store in the file system as long as there is no unauthorized access to that filesystem. At least it works for me currently.
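
The condition named in the last comment (no unauthorized access to the filesystem that holds the token) can be checked for the `.env` file itself. The script below is an added example, not part of the thread or of the project's code; the function names and the file path passed in are assumptions.

```shell
#!/bin/sh
# Added example: audit the .env file that holds the bot's secrets.
# Usage (path is an assumption): sh audit_env.sh ./.env

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 when only the current user can read or write the file,
# 1 otherwise. Each finding is printed on stderr.
audit_env_file() {
    f=$1
    rc=0
    if [ -L "$f" ]; then
        echo "FAIL: $f is a symlink; audit its target instead" >&2
        return 1
    fi
    if [ ! -f "$f" ]; then
        echo "FAIL: $f is not a regular file" >&2
        return 1
    fi
    if [ ! -O "$f" ]; then
        echo "FAIL: $f is not owned by the current user" >&2
        rc=1
    fi
    mode=$(file_mode "$f") || return 1
    # Mask out everything except the group and other permission bits.
    if [ $((0$mode & 077)) -ne 0 ]; then
        echo "FAIL: $f has mode $mode; run: chmod 600 $f" >&2
        rc=1
    fi
    return $rc
}

# Run the audit only when a path is given on the command line.
if [ $# -gt 0 ]; then
    audit_env_file "$1"
fi
```
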