diff options
author | Florian Dold <florian@dold.me> | 2021-01-24 16:04:41 +0100 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2021-01-24 16:04:41 +0100 |
commit | d27be298fbbc186fc2c96d5ad74a74c557603051 (patch) | |
tree | d50c798679e23cf44301d9617010ce62e3841bae /libeufin | |
parent | ce6f02324134436a5ddb5875ca1259a66168e135 (diff) | |
download | docs-d27be298fbbc186fc2c96d5ad74a74c557603051.tar.gz docs-d27be298fbbc186fc2c96d5ad74a74c557603051.tar.bz2 docs-d27be298fbbc186fc2c96d5ad74a74c557603051.zip |
mention caveats
Diffstat (limited to 'libeufin')
-rw-r--r-- | libeufin/nexus-tutorial.rst | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/libeufin/nexus-tutorial.rst b/libeufin/nexus-tutorial.rst index 95c2e76c..1e3deb9f 100644 --- a/libeufin/nexus-tutorial.rst +++ b/libeufin/nexus-tutorial.rst @@ -190,10 +190,21 @@ Use the following command to run the nexus service: $ libeufin-nexus serve --port 5001 By default, the SQLite3 database ``/tmp/libeufin-nexus.sqlite3`` will be used. +The database can be specified as a JDBC connection URI with the +``--db-conn-string=$DBCONN`` option. Only *SQLite* and *PostgreSQL (only via +TCP)* are supported right now. + +.. warning:: + + For production-grade deployments of LibEuFin, we do not recommend specifying the + secret database credentials via command line arguments, as can will expose + those credentials to other users. + + Instead, the DB connection string should be specified in an environment variable + (which can be set in the systemd unit via an ``EnvironmentFile`` option) + once LibEuFin supports this (see the corresponding + `bug tracker entry <https://bugs.gnunet.org/view.php?id=6720>`__). -We recommend using the ``--db-conn-string=$DBCONN`` option. It instructs Nexus -to reach the database addressed by the JDBC connection URI. Only *SQLite* and -*PostgreSQL (only via TCP)* are supported right now. For example: @@ -212,7 +223,8 @@ to create less privileged users is offered. .. note:: - Privilege separation is not fully implemented yet. + User and permissions management in LibEuFin is still under development. + In particular, permissions for non-superusers are very limited at the moment. The command line interface needs the following three values to be defined in the environment: ``LIBEUFIN_NEXUS_URL``, ``LIBEUFIN_NEXUS_USERNAME``, |