mention caveats

1 files changed, 16 insertions, 4 deletions

diff --git a/libeufin/nexus-tutorial.rst b/libeufin/nexus-tutorial.rst
index 95c2e76c..1e3deb9f 100644
--- a/libeufin/nexus-tutorial.rst
+++ b/libeufin/nexus-tutorial.rst
@@ -190,10 +190,21 @@ Use the following command to run the nexus service:
   $ libeufin-nexus serve --port 5001
 
 By default, the SQLite3 database ``/tmp/libeufin-nexus.sqlite3`` will be used.
+The database can be specified as a JDBC connection URI with the
+``--db-conn-string=$DBCONN`` option.  Only *SQLite* and *PostgreSQL (only via
+TCP)* are supported right now.
+
+.. warning::
+
+   For production-grade deployments of LibEuFin, we do not recommend specifying the
+   secret database credentials via command line arguments, as can will expose
+   those credentials to other users.
+
+   Instead, the DB connection string should be specified in an environment variable
+   (which can be set in the systemd unit via an ``EnvironmentFile`` option)
+   once LibEuFin supports this (see the corresponding
+   `bug tracker entry <https://bugs.gnunet.org/view.php?id=6720>`__).
 
-We recommend using the ``--db-conn-string=$DBCONN`` option.  It instructs Nexus
-to reach the database addressed by the JDBC connection URI.  Only *SQLite* and
-*PostgreSQL (only via TCP)* are supported right now.
 
 For example:
 
@@ -212,7 +223,8 @@ to create less privileged users is offered.
 
 .. note::
 
-  Privilege separation is not fully implemented yet.
+  User and permissions management in LibEuFin is still under development.
+  In particular, permissions for non-superusers are very limited at the moment.
 
 The command line interface needs the following three values
 to be defined in the environment: ``LIBEUFIN_NEXUS_URL``, ``LIBEUFIN_NEXUS_USERNAME``,