diff options
author | Thien-Thi Nguyen <ttn@gnuvola.org> | 2021-01-29 10:03:51 -0500 |
---|---|---|
committer | Thien-Thi Nguyen <ttn@gnuvola.org> | 2021-01-29 10:03:51 -0500 |
commit | 1f389a9158af9a4c0e4ceff5ba581834e78829bc (patch) | |
tree | 76fbbe86d3f4f591934734c03bc537ded7d8c559 | |
parent | a4fd71e5e7c07b9b0f7ffbdee268e897e6091ead (diff) | |
download | docs-1f389a9158af9a4c0e4ceff5ba581834e78829bc.tar.gz docs-1f389a9158af9a4c0e4ceff5ba581834e78829bc.tar.bz2 docs-1f389a9158af9a4c0e4ceff5ba581834e78829bc.zip |
describe env vars, instead of command-line option, for db connection string
-rw-r--r-- | libeufin/nexus-tutorial.rst | 33 |
1 files changed, 13 insertions, 20 deletions
diff --git a/libeufin/nexus-tutorial.rst b/libeufin/nexus-tutorial.rst index 0ce97c2b..01dd8b97 100644 --- a/libeufin/nexus-tutorial.rst +++ b/libeufin/nexus-tutorial.rst @@ -110,6 +110,11 @@ The sandbox service is started with the following command: To reset the state of the sandbox, delete the database. By default, the database is a SQLite3 file in ``/tmp/libeufin-sandbox.sqlite3``. +A different database can be specified as a JDBC connection URI +with the ``LIBEUFIN_SANDBOX_DB_CONNECTION`` environment variable. +Only *SQLite* (e.g. ``jdbc:sqlite:/tmp/libeufintestdb``) and *PostgreSQL (via TCP)* +(e.g. ``jdbc:postgresql://localhost:$port/libeufintestdb?user=$username&password=$password``) +are supported right now. For invocations of the LibEuFin command-line interface tool (``libeufin-cli``), the following environment variable must be set to the URL of the sandbox @@ -196,36 +201,24 @@ Use the following command to run the nexus service: $ libeufin-nexus serve --port 5001 By default, the SQLite3 database ``/tmp/libeufin-nexus.sqlite3`` will be used. -The database can be specified as a JDBC connection URI with the -``--db-conn-string=$DBCONN`` option. Only *SQLite* and *PostgreSQL (only via -TCP)* are supported right now. - -.. warning:: - - For production-grade deployments of LibEuFin, we do not recommend specifying the - secret database credentials via command line arguments, as can will expose - those credentials to other users. - - Instead, the DB connection string should be specified in an environment variable - (which can be set in the systemd unit via an ``EnvironmentFile`` option) - once LibEuFin supports this (see the corresponding - `bug tracker entry <https://bugs.gnunet.org/view.php?id=6720>`__). - +The database can be specified as a JDBC connection URI +with the ``LIBEUFIN_NEXUS_DB_CONNECTION`` environment variable. +Only *SQLite* (e.g. ``jdbc:sqlite:/tmp/libeufintestdb``) and *PostgreSQL (via TCP)* +(e.g. ``jdbc:postgresql://localhost:$port/libeufintestdb?user=$username&password=$password``) +are supported right now. For example: .. code-block:: console - $ libeufin-nexus serve \ - --db-conn-string=jdbc:postgresql://127.0.0.1:5433/libeufindb?user=foo&password=secret + $ export LIBEUFIN_NEXUS_DB_CONNECTION=jdbc:postgresql://127.0.0.1:5433/libeufindb?user=foo&password=secret + $ libeufin-nexus serve At this point a superuser account needs to be created: .. code-block:: console - $ libeufin-nexus superuser \ - --db-conn-string=jdbc:postgresql://127.0.0.1:5433/libeufindb?user=foo&password=secret \ - foo # Will interactively ask for password + $ libeufin-nexus superuser foo # Will interactively ask for password For simplicity, a superuser can as well act as a normal user, but an API to create less privileged users is offered. |