+ <%= if not TeslaMate.Vault.encryption_key_provided?() or + (not TeslaMate.Api.signed_in?() and not TeslaMate.Auth.can_decrypt_tokens?()) do %> + <% docs_link = link "docs.teslamate.org", to: "https://docs.teslamate.org", + target: "_blank", + rel: "noopener noreferrer" %> + +
+

+  <%= gettext "No encryption key provided" %> +

+

<%= raw(gettext "To ensure that your Tesla API tokens are stored securely, an encryption key must be provided to TeslaMate via the ENCRYPTION_KEY environment variable. Otherwise, a login will be required after every restart.") %>

+

<%= raw(gettext "The automatically generated encryption key used for the current session can be found in the application logs.") %>

+

<%= raw(gettext "For more information, see the updated installation guides on %{link}", link: safe_to_string(docs_link)) %>

+
+ <% end %> +
<%= Enum.map(get_flash(@conn), fn {flash_key, flash_message} -> %>

<%= flash_message %>

diff --git a/mix.exs b/mix.exs index bab3080ae2..fed1e2c143 100644 --- a/mix.exs +++ b/mix.exs @@ -60,7 +60,8 @@ defmodule TeslaMate.MixProject do {:timex, "~> 3.0"}, {:tortoise, "~> 0.10"}, {:tzdata, "~> 1.1"}, - {:websockex, "~> 0.4"} + {:websockex, "~> 0.4"}, + {:cloak_ecto, "~> 1.2"} ] end diff --git a/mix.lock b/mix.lock index 458cd4bb7b..e355004859 100644 --- a/mix.lock +++ b/mix.lock @@ -2,6 +2,8 @@ "castore": {:hex, :castore, "0.1.14", "3f6d7c7c1574c402fef29559d3f1a7389ba3524bc6a090a5e9e6abc3af65dcca", [:mix], [], "hexpm", "b34af542eadb727e6c8b37fdf73e18b2e02eb483a4ea0b52fd500bc23f052b7b"}, "certifi": {:hex, :certifi, "2.8.0", "d4fb0a6bb20b7c9c3643e22507e42f356ac090a1dcea9ab99e27e0376d695eba", [:rebar3], [], "hexpm", "6ac7efc1c6f8600b08d625292d4bbf584e14847ce1b6b5c44d983d273e1097ea"}, "cldr_utils": {:hex, :cldr_utils, "2.17.0", "05453797e5b89f936c54c5602ac881e46b1ba4423a803c27a414466f4b598c94", [:mix], [{:castore, "~> 0.1", [hex: :castore, repo: "hexpm", optional: true]}, {:certifi, "~> 2.5", [hex: :certifi, repo: "hexpm", optional: true]}, {:decimal, "~> 1.9 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}], "hexpm", "6077ddaaa155f27755638225617bdc00c004f39b3c9355b688e52a3fc98d57e8"}, + "cloak": {:hex, :cloak, "1.1.1", "6f8f6674cacd3c504daf2aaeba8f9cde3ae8009ce01ff854dd3e92fbb7954c69", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm", "d440c4ea3a5a31baeaea4592b534dfdccc4ded0ee098b92955a5658cbe7be625"}, + "cloak_ecto": {:hex, :cloak_ecto, "1.2.0", "e86a3df3bf0dc8980f70406bcb0af2858bac247d55494d40bc58a152590bd402", [:mix], [{:cloak, "~> 1.1.1", [hex: :cloak, repo: "hexpm", optional: false]}, {:ecto, "~> 3.0", [hex: :ecto, repo: "hexpm", optional: false]}], "hexpm", "8bcc677185c813fe64b786618bd6689b1707b35cd95acaae0834557b15a0c62f"}, "combine": {:hex, :combine, "0.10.0", "eff8224eeb56498a2af13011d142c5e7997a80c8f5b97c499f84c841032e429f", [:mix], [], "hexpm", "1b1dbc1790073076580d0d1d64e42eae2366583e7aecd455d1215b0d16f2451b"}, "connection": {:hex, :connection, "1.1.0", "ff2a49c4b75b6fb3e674bfc5536451607270aac754ffd1bdfe175abe4a6d7a68", [:mix], [], "hexpm", "722c1eb0a418fbe91ba7bd59a47e28008a189d47e37e0e7bb85585a016b2869c"}, "cowboy": {:hex, :cowboy, "2.9.0", "865dd8b6607e14cf03282e10e934023a1bd8be6f6bacf921a7e2a96d800cd452", [:make, :rebar3], [{:cowlib, "2.11.0", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "1.8.0", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "2c729f934b4e1aa149aff882f57c6372c15399a20d54f65c8d67bef583021bde"}, diff --git a/priv/gettext/da/LC_MESSAGES/default.po b/priv/gettext/da/LC_MESSAGES/default.po index 17709ae72c..e7e90458df 100644 --- a/priv/gettext/da/LC_MESSAGES/default.po +++ b/priv/gettext/da/LC_MESSAGES/default.po @@ -450,7 +450,7 @@ msgstr[0] "Fandt %{count} fil" msgstr[1] "Fandt %{count} filer" #, elixir-format -#: lib/teslamate_web/templates/layout/root.html.heex:87 +#: lib/teslamate_web/templates/layout/root.html.heex:104 msgid "Donate" msgstr "Donér" @@ -551,7 +551,7 @@ msgstr "GitHub" #, elixir-format #: lib/teslamate_web/live/settings_live/index.html.heex:274 -#: lib/teslamate_web/templates/layout/root.html.heex:95 +#: lib/teslamate_web/templates/layout/root.html.heex:112 msgid "Update available" msgstr "Opdatering tilgængelig" @@ -615,3 +615,23 @@ msgstr "" #: lib/teslamate_web/live/car_live/summary.ex:140 msgid "Downloading update" msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:80 +msgid "No encryption key provided" +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:84 +msgid "For more information, see the updated installation guides on %{link}" +msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:83 +msgid "The automatically generated encryption key used for the current session can be found in the application logs." +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:82 +msgid "To ensure that your Tesla API tokens are stored securely, an encryption key must be provided to TeslaMate via the ENCRYPTION_KEY environment variable. Otherwise, a login will be required after every restart." +msgstr "" diff --git a/priv/gettext/de/LC_MESSAGES/default.po b/priv/gettext/de/LC_MESSAGES/default.po index 52a36f7be0..2ba1cb7b0b 100644 --- a/priv/gettext/de/LC_MESSAGES/default.po +++ b/priv/gettext/de/LC_MESSAGES/default.po @@ -450,7 +450,7 @@ msgstr[0] "%{count} Datei gefunden" msgstr[1] "%{count} Dateien gefunden" #, elixir-format -#: lib/teslamate_web/templates/layout/root.html.heex:87 +#: lib/teslamate_web/templates/layout/root.html.heex:104 msgid "Donate" msgstr "Spenden" @@ -551,7 +551,7 @@ msgstr "" #, elixir-format #: lib/teslamate_web/live/settings_live/index.html.heex:274 -#: lib/teslamate_web/templates/layout/root.html.heex:95 +#: lib/teslamate_web/templates/layout/root.html.heex:112 msgid "Update available" msgstr "Update verfügbar" @@ -615,3 +615,23 @@ msgstr "Ihr Tesla-Konto ist aufgrund von zu vielen fehlgeschlagenen Anmeldeversu #: lib/teslamate_web/live/car_live/summary.ex:140 msgid "Downloading update" msgstr "Update wird heruntergeladen" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:80 +msgid "No encryption key provided" +msgstr "Kein Verschlüsselungscode angegeben" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:84 +msgid "For more information, see the updated installation guides on %{link}" +msgstr "Weitere Informationen findest du in den aktualisierten Installationsanleitungen auf %{link}" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:83 +msgid "The automatically generated encryption key used for the current session can be found in the application logs." +msgstr "Der automatisch generierte Verschlüsselungscode, der für die aktuelle Sitzung verwendet wird, ist in den Anwendungslogs einsehbar." + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:82 +msgid "To ensure that your Tesla API tokens are stored securely, an encryption key must be provided to TeslaMate via the ENCRYPTION_KEY environment variable. Otherwise, a login will be required after every restart." +msgstr "Um sicherzustellen, dass deine Tesla-API-Tokens sicher gespeichert werden, muss TeslaMate ein Verschlüsselungscode mittels der Umgebungsvariable ENCRYPTION_KEY übergeben werden." diff --git a/priv/gettext/default.pot b/priv/gettext/default.pot index df063bc787..4c38705d86 100644 --- a/priv/gettext/default.pot +++ b/priv/gettext/default.pot @@ -449,7 +449,7 @@ msgstr[0] "" msgstr[1] "" #, elixir-format -#: lib/teslamate_web/templates/layout/root.html.heex:87 +#: lib/teslamate_web/templates/layout/root.html.heex:104 msgid "Donate" msgstr "" @@ -550,7 +550,7 @@ msgstr "" #, elixir-format #: lib/teslamate_web/live/settings_live/index.html.heex:274 -#: lib/teslamate_web/templates/layout/root.html.heex:95 +#: lib/teslamate_web/templates/layout/root.html.heex:112 msgid "Update available" msgstr "" @@ -614,3 +614,23 @@ msgstr "" #: lib/teslamate_web/live/car_live/summary.ex:140 msgid "Downloading update" msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:80 +msgid "No encryption key provided" +msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:84 +msgid "For more information, see the updated installation guides on %{link}" +msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:83 +msgid "The automatically generated encryption key used for the current session can be found in the application logs." +msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:82 +msgid "To ensure that your Tesla API tokens are stored securely, an encryption key must be provided to TeslaMate via the ENCRYPTION_KEY environment variable. Otherwise, a login will be required after every restart." +msgstr "" diff --git a/priv/gettext/en/LC_MESSAGES/default.po b/priv/gettext/en/LC_MESSAGES/default.po index 1292848bcb..605434c942 100644 --- a/priv/gettext/en/LC_MESSAGES/default.po +++ b/priv/gettext/en/LC_MESSAGES/default.po @@ -450,7 +450,7 @@ msgstr[0] "" msgstr[1] "" #, elixir-format -#: lib/teslamate_web/templates/layout/root.html.heex:87 +#: lib/teslamate_web/templates/layout/root.html.heex:104 msgid "Donate" msgstr "" @@ -551,7 +551,7 @@ msgstr "" #, elixir-format #: lib/teslamate_web/live/settings_live/index.html.heex:274 -#: lib/teslamate_web/templates/layout/root.html.heex:95 +#: lib/teslamate_web/templates/layout/root.html.heex:112 msgid "Update available" msgstr "" @@ -615,3 +615,23 @@ msgstr "" #: lib/teslamate_web/live/car_live/summary.ex:140 msgid "Downloading update" msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:80 +msgid "No encryption key provided" +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:84 +msgid "For more information, see the updated installation guides on %{link}" +msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:83 +msgid "The automatically generated encryption key used for the current session can be found in the application logs." +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:82 +msgid "To ensure that your Tesla API tokens are stored securely, an encryption key must be provided to TeslaMate via the ENCRYPTION_KEY environment variable. Otherwise, a login will be required after every restart." +msgstr "" diff --git a/priv/gettext/es/LC_MESSAGES/default.po b/priv/gettext/es/LC_MESSAGES/default.po index 7ff8298a57..ecadf77cdd 100644 --- a/priv/gettext/es/LC_MESSAGES/default.po +++ b/priv/gettext/es/LC_MESSAGES/default.po @@ -450,7 +450,7 @@ msgstr[0] "Encontrado %{count} archivo" msgstr[1] "Encontrados %{count} archivos" #, elixir-format -#: lib/teslamate_web/templates/layout/root.html.heex:87 +#: lib/teslamate_web/templates/layout/root.html.heex:104 msgid "Donate" msgstr "Donar" @@ -551,7 +551,7 @@ msgstr "GitHub" #, elixir-format #: lib/teslamate_web/live/settings_live/index.html.heex:274 -#: lib/teslamate_web/templates/layout/root.html.heex:95 +#: lib/teslamate_web/templates/layout/root.html.heex:112 msgid "Update available" msgstr "Actualización disponible" @@ -615,3 +615,23 @@ msgstr "Su cuenta Tesla se ha bloqueado a causa de demasiados intentos fallidos #: lib/teslamate_web/live/car_live/summary.ex:140 msgid "Downloading update" msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:80 +msgid "No encryption key provided" +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:84 +msgid "For more information, see the updated installation guides on %{link}" +msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:83 +msgid "The automatically generated encryption key used for the current session can be found in the application logs." +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:82 +msgid "To ensure that your Tesla API tokens are stored securely, an encryption key must be provided to TeslaMate via the ENCRYPTION_KEY environment variable. Otherwise, a login will be required after every restart." +msgstr "" diff --git a/priv/gettext/fi/LC_MESSAGES/default.po b/priv/gettext/fi/LC_MESSAGES/default.po index 72ece59ca4..87385e21c0 100644 --- a/priv/gettext/fi/LC_MESSAGES/default.po +++ b/priv/gettext/fi/LC_MESSAGES/default.po @@ -449,7 +449,7 @@ msgstr[0] "Löytyi %{count} tiedosto" msgstr[1] "Löytyi %{count} tiedostoa" #, elixir-format -#: lib/teslamate_web/templates/layout/root.html.heex:87 +#: lib/teslamate_web/templates/layout/root.html.heex:104 msgid "Donate" msgstr "Lahjoita" @@ -550,7 +550,7 @@ msgstr "GitHub" #, elixir-format #: lib/teslamate_web/live/settings_live/index.html.heex:274 -#: lib/teslamate_web/templates/layout/root.html.heex:95 +#: lib/teslamate_web/templates/layout/root.html.heex:112 msgid "Update available" msgstr "Päivitys saatavilla" @@ -614,3 +614,23 @@ msgstr "" #: lib/teslamate_web/live/car_live/summary.ex:140 msgid "Downloading update" msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:80 +msgid "No encryption key provided" +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:84 +msgid "For more information, see the updated installation guides on %{link}" +msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:83 +msgid "The automatically generated encryption key used for the current session can be found in the application logs." +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:82 +msgid "To ensure that your Tesla API tokens are stored securely, an encryption key must be provided to TeslaMate via the ENCRYPTION_KEY environment variable. Otherwise, a login will be required after every restart." +msgstr "" diff --git a/priv/gettext/fr/LC_MESSAGES/default.po b/priv/gettext/fr/LC_MESSAGES/default.po index 26be60d52c..32689d8534 100644 --- a/priv/gettext/fr/LC_MESSAGES/default.po +++ b/priv/gettext/fr/LC_MESSAGES/default.po @@ -449,7 +449,7 @@ msgstr[0] "Trouvé %{count} fichier" msgstr[1] "Trouvé %{count} fichiers" #, elixir-format -#: lib/teslamate_web/templates/layout/root.html.heex:87 +#: lib/teslamate_web/templates/layout/root.html.heex:104 msgid "Donate" msgstr "Faire un don" @@ -550,7 +550,7 @@ msgstr "GitHub" #, elixir-format #: lib/teslamate_web/live/settings_live/index.html.heex:274 -#: lib/teslamate_web/templates/layout/root.html.heex:95 +#: lib/teslamate_web/templates/layout/root.html.heex:112 msgid "Update available" msgstr "Mise à jour disponible" @@ -614,3 +614,23 @@ msgstr "Votre compte Tesla est verrouillé en raison d'un trop grand nombre de t #: lib/teslamate_web/live/car_live/summary.ex:140 msgid "Downloading update" msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:80 +msgid "No encryption key provided" +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:84 +msgid "For more information, see the updated installation guides on %{link}" +msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:83 +msgid "The automatically generated encryption key used for the current session can be found in the application logs." +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:82 +msgid "To ensure that your Tesla API tokens are stored securely, an encryption key must be provided to TeslaMate via the ENCRYPTION_KEY environment variable. Otherwise, a login will be required after every restart." +msgstr "" diff --git a/priv/gettext/it/LC_MESSAGES/default.po b/priv/gettext/it/LC_MESSAGES/default.po index 8c901fda59..cbb6c30884 100644 --- a/priv/gettext/it/LC_MESSAGES/default.po +++ b/priv/gettext/it/LC_MESSAGES/default.po @@ -449,7 +449,7 @@ msgstr[0] "Trovato %{count} file" msgstr[1] "Trovati %{count} files" #, elixir-format -#: lib/teslamate_web/templates/layout/root.html.heex:87 +#: lib/teslamate_web/templates/layout/root.html.heex:104 msgid "Donate" msgstr "Fai una donazione" @@ -550,7 +550,7 @@ msgstr "GitHub" #, elixir-format #: lib/teslamate_web/live/settings_live/index.html.heex:274 -#: lib/teslamate_web/templates/layout/root.html.heex:95 +#: lib/teslamate_web/templates/layout/root.html.heex:112 msgid "Update available" msgstr "Aggiornamento disponibile" @@ -614,3 +614,23 @@ msgstr "Il tuo account Tesla è bloccato a causa di troppi tentativi di accesso. #: lib/teslamate_web/live/car_live/summary.ex:140 msgid "Downloading update" msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:80 +msgid "No encryption key provided" +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:84 +msgid "For more information, see the updated installation guides on %{link}" +msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:83 +msgid "The automatically generated encryption key used for the current session can be found in the application logs." +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:82 +msgid "To ensure that your Tesla API tokens are stored securely, an encryption key must be provided to TeslaMate via the ENCRYPTION_KEY environment variable. Otherwise, a login will be required after every restart." +msgstr "" diff --git a/priv/gettext/ja/LC_MESSAGES/default.po b/priv/gettext/ja/LC_MESSAGES/default.po index 22336bd8c8..34295f0d2f 100644 --- a/priv/gettext/ja/LC_MESSAGES/default.po +++ b/priv/gettext/ja/LC_MESSAGES/default.po @@ -449,7 +449,7 @@ msgstr[0] "%{count} 個のファイルが見つかりました" msgstr[1] "%{count} 個のファイルが見つかりました" #, elixir-format -#: lib/teslamate_web/templates/layout/root.html.heex:87 +#: lib/teslamate_web/templates/layout/root.html.heex:104 msgid "Donate" msgstr "寄付" @@ -550,7 +550,7 @@ msgstr "GitHub" #, elixir-format #: lib/teslamate_web/live/settings_live/index.html.heex:274 -#: lib/teslamate_web/templates/layout/root.html.heex:95 +#: lib/teslamate_web/templates/layout/root.html.heex:112 msgid "Update available" msgstr "アップデート可能" @@ -614,3 +614,23 @@ msgstr "サインインの試行に失敗した回数が多すぎるため、Tes #: lib/teslamate_web/live/car_live/summary.ex:140 msgid "Downloading update" msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:80 +msgid "No encryption key provided" +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:84 +msgid "For more information, see the updated installation guides on %{link}" +msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:83 +msgid "The automatically generated encryption key used for the current session can be found in the application logs." +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:82 +msgid "To ensure that your Tesla API tokens are stored securely, an encryption key must be provided to TeslaMate via the ENCRYPTION_KEY environment variable. Otherwise, a login will be required after every restart." +msgstr "" diff --git a/priv/gettext/ko/LC_MESSAGES/default.po b/priv/gettext/ko/LC_MESSAGES/default.po index eface6e4a5..9a074858a6 100644 --- a/priv/gettext/ko/LC_MESSAGES/default.po +++ b/priv/gettext/ko/LC_MESSAGES/default.po @@ -450,7 +450,7 @@ msgstr[0] "%{count} 파일을 찾았습니다." msgstr[1] "" #, elixir-format -#: lib/teslamate_web/templates/layout/root.html.heex:87 +#: lib/teslamate_web/templates/layout/root.html.heex:104 msgid "Donate" msgstr "후원" @@ -551,7 +551,7 @@ msgstr "GitHub" #, elixir-format #: lib/teslamate_web/live/settings_live/index.html.heex:274 -#: lib/teslamate_web/templates/layout/root.html.heex:95 +#: lib/teslamate_web/templates/layout/root.html.heex:112 msgid "Update available" msgstr "업데이트 가능" @@ -615,3 +615,23 @@ msgstr "" #: lib/teslamate_web/live/car_live/summary.ex:140 msgid "Downloading update" msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:80 +msgid "No encryption key provided" +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:84 +msgid "For more information, see the updated installation guides on %{link}" +msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:83 +msgid "The automatically generated encryption key used for the current session can be found in the application logs." +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:82 +msgid "To ensure that your Tesla API tokens are stored securely, an encryption key must be provided to TeslaMate via the ENCRYPTION_KEY environment variable. Otherwise, a login will be required after every restart." +msgstr "" diff --git a/priv/gettext/nb/LC_MESSAGES/default.po b/priv/gettext/nb/LC_MESSAGES/default.po index 32d76b1f8b..2fb1ec257e 100644 --- a/priv/gettext/nb/LC_MESSAGES/default.po +++ b/priv/gettext/nb/LC_MESSAGES/default.po @@ -451,7 +451,7 @@ msgstr[0] "%{count} fil" msgstr[1] "%{count} filer" #, elixir-format -#: lib/teslamate_web/templates/layout/root.html.heex:87 +#: lib/teslamate_web/templates/layout/root.html.heex:104 msgid "Donate" msgstr "Donere" @@ -552,7 +552,7 @@ msgstr "GitHub" #, elixir-format #: lib/teslamate_web/live/settings_live/index.html.heex:274 -#: lib/teslamate_web/templates/layout/root.html.heex:95 +#: lib/teslamate_web/templates/layout/root.html.heex:112 msgid "Update available" msgstr "Ny software tilgjengelig" @@ -616,3 +616,23 @@ msgstr "" #: lib/teslamate_web/live/car_live/summary.ex:140 msgid "Downloading update" msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:80 +msgid "No encryption key provided" +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:84 +msgid "For more information, see the updated installation guides on %{link}" +msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:83 +msgid "The automatically generated encryption key used for the current session can be found in the application logs." +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:82 +msgid "To ensure that your Tesla API tokens are stored securely, an encryption key must be provided to TeslaMate via the ENCRYPTION_KEY environment variable. Otherwise, a login will be required after every restart." +msgstr "" diff --git a/priv/gettext/nl/LC_MESSAGES/default.po b/priv/gettext/nl/LC_MESSAGES/default.po index 5d8fc1c7ca..51ea6ed696 100644 --- a/priv/gettext/nl/LC_MESSAGES/default.po +++ b/priv/gettext/nl/LC_MESSAGES/default.po @@ -450,7 +450,7 @@ msgstr[0] "%{count} bestand gevonden" msgstr[1] "%{count} bestanden gevonden" #, elixir-format -#: lib/teslamate_web/templates/layout/root.html.heex:87 +#: lib/teslamate_web/templates/layout/root.html.heex:104 msgid "Donate" msgstr "Doneren" @@ -551,7 +551,7 @@ msgstr "GitHub" #, elixir-format #: lib/teslamate_web/live/settings_live/index.html.heex:274 -#: lib/teslamate_web/templates/layout/root.html.heex:95 +#: lib/teslamate_web/templates/layout/root.html.heex:112 msgid "Update available" msgstr "Update beschikbaar" @@ -615,3 +615,23 @@ msgstr "" #: lib/teslamate_web/live/car_live/summary.ex:140 msgid "Downloading update" msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:80 +msgid "No encryption key provided" +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:84 +msgid "For more information, see the updated installation guides on %{link}" +msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:83 +msgid "The automatically generated encryption key used for the current session can be found in the application logs." +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:82 +msgid "To ensure that your Tesla API tokens are stored securely, an encryption key must be provided to TeslaMate via the ENCRYPTION_KEY environment variable. Otherwise, a login will be required after every restart." +msgstr "" diff --git a/priv/gettext/sv/LC_MESSAGES/default.po b/priv/gettext/sv/LC_MESSAGES/default.po index 663cd88a63..56bad0eb8c 100644 --- a/priv/gettext/sv/LC_MESSAGES/default.po +++ b/priv/gettext/sv/LC_MESSAGES/default.po @@ -450,7 +450,7 @@ msgstr[0] "%{count} fil hittades" msgstr[1] "%{count} filer hittades" #, elixir-format -#: lib/teslamate_web/templates/layout/root.html.heex:87 +#: lib/teslamate_web/templates/layout/root.html.heex:104 msgid "Donate" msgstr "Donera" @@ -551,7 +551,7 @@ msgstr "" #, elixir-format #: lib/teslamate_web/live/settings_live/index.html.heex:274 -#: lib/teslamate_web/templates/layout/root.html.heex:95 +#: lib/teslamate_web/templates/layout/root.html.heex:112 msgid "Update available" msgstr "Uppdatering tillgänglig" @@ -615,3 +615,23 @@ msgstr "Ditt Tesla-konto är låst på grund av för många misslyckade inloggni #: lib/teslamate_web/live/car_live/summary.ex:140 msgid "Downloading update" msgstr "Laddar ner uppdatering" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:80 +msgid "No encryption key provided" +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:84 +msgid "For more information, see the updated installation guides on %{link}" +msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:83 +msgid "The automatically generated encryption key used for the current session can be found in the application logs." +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:82 +msgid "To ensure that your Tesla API tokens are stored securely, an encryption key must be provided to TeslaMate via the ENCRYPTION_KEY environment variable. Otherwise, a login will be required after every restart." +msgstr "" diff --git a/priv/gettext/tr/LC_MESSAGES/default.po b/priv/gettext/tr/LC_MESSAGES/default.po index e75b9d3d0c..8c670bd689 100644 --- a/priv/gettext/tr/LC_MESSAGES/default.po +++ b/priv/gettext/tr/LC_MESSAGES/default.po @@ -449,7 +449,7 @@ msgstr[0] "%{count} dosya bulundu" msgstr[1] "%{count} dosya bulundu" #, elixir-format -#: lib/teslamate_web/templates/layout/root.html.heex:87 +#: lib/teslamate_web/templates/layout/root.html.heex:104 msgid "Donate" msgstr "Bağış Yap" @@ -550,7 +550,7 @@ msgstr "GitHub" #, elixir-format #: lib/teslamate_web/live/settings_live/index.html.heex:274 -#: lib/teslamate_web/templates/layout/root.html.heex:95 +#: lib/teslamate_web/templates/layout/root.html.heex:112 msgid "Update available" msgstr "Güncelleme mevcut" @@ -614,3 +614,23 @@ msgstr "" #: lib/teslamate_web/live/car_live/summary.ex:140 msgid "Downloading update" msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:80 +msgid "No encryption key provided" +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:84 +msgid "For more information, see the updated installation guides on %{link}" +msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:83 +msgid "The automatically generated encryption key used for the current session can be found in the application logs." +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:82 +msgid "To ensure that your Tesla API tokens are stored securely, an encryption key must be provided to TeslaMate via the ENCRYPTION_KEY environment variable. Otherwise, a login will be required after every restart." +msgstr "" diff --git a/priv/gettext/zh_Hans/LC_MESSAGES/default.po b/priv/gettext/zh_Hans/LC_MESSAGES/default.po index e523fda137..c73ffa5f40 100644 --- a/priv/gettext/zh_Hans/LC_MESSAGES/default.po +++ b/priv/gettext/zh_Hans/LC_MESSAGES/default.po @@ -451,7 +451,7 @@ msgstr[0] "" msgstr[1] "" #, elixir-format -#: lib/teslamate_web/templates/layout/root.html.heex:87 +#: lib/teslamate_web/templates/layout/root.html.heex:104 msgid "Donate" msgstr "捐赠" @@ -552,7 +552,7 @@ msgstr "GitHub" #, elixir-format #: lib/teslamate_web/live/settings_live/index.html.heex:274 -#: lib/teslamate_web/templates/layout/root.html.heex:95 +#: lib/teslamate_web/templates/layout/root.html.heex:112 msgid "Update available" msgstr "有可用更新" @@ -616,3 +616,23 @@ msgstr "您的 Tesla 帐户因登录尝试失败次数过多而被锁定。要 #: lib/teslamate_web/live/car_live/summary.ex:140 msgid "Downloading update" msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:80 +msgid "No encryption key provided" +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:84 +msgid "For more information, see the updated installation guides on %{link}" +msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:83 +msgid "The automatically generated encryption key used for the current session can be found in the application logs." +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:82 +msgid "To ensure that your Tesla API tokens are stored securely, an encryption key must be provided to TeslaMate via the ENCRYPTION_KEY environment variable. Otherwise, a login will be required after every restart." +msgstr "" diff --git a/priv/gettext/zh_Hant/LC_MESSAGES/default.po b/priv/gettext/zh_Hant/LC_MESSAGES/default.po index 1270c4ccbb..9117b04a1d 100644 --- a/priv/gettext/zh_Hant/LC_MESSAGES/default.po +++ b/priv/gettext/zh_Hant/LC_MESSAGES/default.po @@ -450,7 +450,7 @@ msgid_plural "Found %{count} files" msgstr[0] "" #, elixir-format -#: lib/teslamate_web/templates/layout/root.html.heex:87 +#: lib/teslamate_web/templates/layout/root.html.heex:104 msgid "Donate" msgstr "捐贈" @@ -550,7 +550,7 @@ msgstr "GitHub" #, elixir-format #: lib/teslamate_web/live/settings_live/index.html.heex:274 -#: lib/teslamate_web/templates/layout/root.html.heex:95 +#: lib/teslamate_web/templates/layout/root.html.heex:112 msgid "Update available" msgstr "有可用更新" @@ -614,3 +614,23 @@ msgstr "" #: lib/teslamate_web/live/car_live/summary.ex:140 msgid "Downloading update" msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:80 +msgid "No encryption key provided" +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:84 +msgid "For more information, see the updated installation guides on %{link}" +msgstr "" + +#, elixir-format, ex-autogen +#: lib/teslamate_web/templates/layout/root.html.heex:83 +msgid "The automatically generated encryption key used for the current session can be found in the application logs." +msgstr "" + +#, elixir-format, ex-autogen, fuzzy +#: lib/teslamate_web/templates/layout/root.html.heex:82 +msgid "To ensure that your Tesla API tokens are stored securely, an encryption key must be provided to TeslaMate via the ENCRYPTION_KEY environment variable. Otherwise, a login will be required after every restart." +msgstr "" diff --git a/priv/repo/migrations/20220123131732_encrypt_api_tokens.exs b/priv/repo/migrations/20220123131732_encrypt_api_tokens.exs new file mode 100644 index 0000000000..3e35df0038 --- /dev/null +++ b/priv/repo/migrations/20220123131732_encrypt_api_tokens.exs @@ -0,0 +1,123 @@ +defmodule TeslaMate.Repo.Migrations.EncryptApiTokens do + use Ecto.Migration + + Code.ensure_loaded!(TeslaMate.Vault) + + defmodule Encrypted.Binary do + use Cloak.Ecto.Binary, vault: TeslaMate.Vault + end + + defmodule Tokens do + use Ecto.Schema + + schema "tokens" do + field(:refresh, :string) + field(:access, :string) + + field(:encrypted_refresh, Encrypted.Binary) + field(:encrypted_access, Encrypted.Binary) + end + end + + defmodule Encryption do + def setup do + {type, key} = + case System.get_env("ENCRYPTION_KEY") do + key when is_binary(key) and byte_size(key) > 0 -> {:existing, key} + _ -> {:generated, generate_key(64)} + end + + setup_vault(key) + + {type, key} + end + + defp generate_key(length) when length > 31 do + :crypto.strong_rand_bytes(length) |> Base.encode64(padding: false) |> binary_part(0, length) + end + + defp setup_vault(key) do + Cloak.Vault.save_config(TeslaMate.Vault.Config, + ciphers: [ + default: TeslaMate.Vault.default_chipher(:crypto.hash(:sha256, key)) + ] + ) + end + end + + defmodule Cache do + require Logger + + def store(encryption_key) do + Enum.each([System.tmp_dir(), import_dir()], fn dir -> + with dir when is_binary(dir) <- dir, + path = Path.join(dir, "tm_encryption.key"), + :ok <- File.write(path, encryption_key) do + Logger.info("Wrote encryption key to #{path}") + end + end) + end + + defp import_dir do + path = + System.get_env("IMPORT_DIR", "import") + |> Path.absname() + + if File.exists?(path), do: path + end + end + + alias TeslaMate.Repo + + def change do + alter table(:tokens) do + add :encrypted_refresh, :binary + add :encrypted_access, :binary + end + + flush() + + with [_ | _] = tokens <- Repo.all(Tokens) do + with {:generated, encryption_key} <- Encryption.setup() do + require Logger + + Logger.warning(""" + \n------------------------------------------------------------------------------ + No ENCRYPTION_KEY was found to encrypt and securly store your API tokens. + + Therefore, the following randomly generated key will be used instead: + + + #{encryption_key} + + + IMPORTANT: Create an environment variable named "ENCRYPTION_KEY" with the value + set to the key above and pass it to the application from now on. + + If you choose to use a different key, a new login with your API tokens will be + required once after starting the application. + ------------------------------------------------------------------------------ + """) + + Cache.store(encryption_key) + end + + Enum.each(tokens, fn %Tokens{} = tokens -> + tokens + |> Ecto.Changeset.change(%{ + encrypted_access: tokens.access, + encrypted_refresh: tokens.refresh + }) + |> Repo.update!() + end) + end + + alter table(:tokens) do + remove :access + remove :refresh + end + + rename table(:tokens), :encrypted_access, to: :access + rename table(:tokens), :encrypted_refresh, to: :refresh + end +end diff --git a/test/teslamate/api_test.exs b/test/teslamate/api_test.exs index 29a7afc2fb..6c9c4ac3f6 100644 --- a/test/teslamate/api_test.exs +++ b/test/teslamate/api_test.exs @@ -65,6 +65,11 @@ defmodule TeslaMate.ApiTest do @valid_tokens %Tokens{access: "$access", refresh: "$refresh"} + setup do + start_supervised!(TeslaMate.Vault) + :ok + end + describe "sign in" do test "starts without tokens", %{test: name} do with_mocks [auth_mock(self()), vehicle_mock(self())] do diff --git a/test/teslamate/auth_test.exs b/test/teslamate/auth_test.exs index 5b44df8472..8321e826ba 100644 --- a/test/teslamate/auth_test.exs +++ b/test/teslamate/auth_test.exs @@ -3,6 +3,11 @@ defmodule TeslaMate.AuthTest do alias TeslaMate.Auth + setup do + start_supervised!(TeslaMate.Vault) + :ok + end + describe "tokens" do @valid_attrs %{refresh_token: "some refresh token", token: "some access token"} @update_attrs %{ diff --git a/test/teslamate/vault_test.exs b/test/teslamate/vault_test.exs new file mode 100644 index 0000000000..c150b3abcf --- /dev/null +++ b/test/teslamate/vault_test.exs @@ -0,0 +1,103 @@ +defmodule TeslaMate.VaultTest do + use ExUnit.Case, async: false + + alias TeslaMate.Vault + + import Mock + + defp key_equals?(key) do + {_cipher_module, cipher_opts} = + Vault.Config + |> Cloak.Vault.read_config() + |> Access.fetch!(:ciphers) + |> Access.fetch!(:default) + + :crypto.hash(:sha256, key) == cipher_opts[:key] + end + + setup context do + keys = context[:encryption_key] || %{} + + config = Application.get_env(:teslamate, TeslaMate.Vault) + Application.put_env(:teslamate, TeslaMate.Vault, Keyword.put(config, :key, keys[:config])) + on_exit(fn -> Application.put_env(:teslamate, TeslaMate.Vault, config) end) + + if encryption_key = keys[:tmp_dir] || keys[:import_dir] do + tmp_dir = context[:tmp_dir] || raise "Add a :tmp_dir tag!" + tmp_path = Path.join(tmp_dir, "tm_encryption.key") + File.write!(tmp_path, encryption_key) + end + + :ok + end + + @tag encryption_key: %{config: "key_from_config"} + test "reads the encryption key from the application config" do + start_supervised!(Vault) + + assert key_equals?("key_from_config") + end + + @tag encryption_key: %{tmp_dir: "key_from_tmp_dir"}, + tmp_dir: "0" + test "falls back to reading the encryption key from the tmp dir", %{tmp_dir: tmp_dir} do + with_mock System, [], tmp_dir: fn -> tmp_dir end do + start_supervised!(Vault) + + assert key_equals?("key_from_tmp_dir") + assert called(System.tmp_dir()) + end + end + + @tag encryption_key: %{import_dir: "key_from_import_dir"}, + tmp_dir: "0" + test "falls back to reading the encryption key from the import dir", %{tmp_dir: tmp_dir} do + with_mock System, [], + tmp_dir: fn -> nil end, + get_env: fn "IMPORT_DIR", "import" -> tmp_dir end do + start_supervised!(Vault) + + assert key_equals?("key_from_import_dir") + assert called(System.get_env("IMPORT_DIR", "import")) + end + end + + @tag :capture_log + test "generates a random key if no key could be restored" do + start_supervised!(Vault) + + assert {:ok, ciphertext} = Vault.encrypt("plaintext") + assert {:ok, "plaintext"} = Vault.decrypt(ciphertext) + + # Restart GenServer + stop_supervised!(Vault) + start_supervised!(Vault) + + # decrytping the ciphertext won't work with the new key + assert {:ok, :error} = Vault.decrypt(ciphertext) + end + + describe "encryption_key_provided?/0" do + @tag encryption_key: %{config: "key"} + test "returns true if the encryption key was provided via the application config" do + start_supervised!(Vault) + + assert Vault.encryption_key_provided?() + end + + @tag :capture_log + @tag encryption_key: %{config: nil} + test "returns false if the encryption key was not provided" do + start_supervised!(Vault) + + refute Vault.encryption_key_provided?() + end + end + + describe "default_chipher/1" do + test "uses AES in GCM mode with a 12 byte IV-length" do + assert {Cloak.Ciphers.AES.GCM, [tag: "AES.GCM.V1", key: "$key", iv_length: 12]} == + Vault.default_chipher("$key") + end + end +end diff --git a/website/docs/configuration/environment_variables.md b/website/docs/configuration/environment_variables.md index 50bde372cc..8c4084587f 100644 --- a/website/docs/configuration/environment_variables.md +++ b/website/docs/configuration/environment_variables.md @@ -6,29 +6,30 @@ sidebar_label: Environment Variables TeslaMate accepts the following environment variables for runtime configuration: -| Variable Name | Description | Default Value | -| --------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | -| **DATABASE_USER** | Username (**required**) | | -| **DATABASE_PASS** | User password (**required**) | | -| **DATABASE_NAME** | The database to connect to (**required**) | | -| **DATABASE_HOST** | Hostname of the database server (**required**) | | -| **DATABASE_PORT** | Port of the database server | 5432 | -| **DATABASE_POOL_SIZE** | Size of the database connection pool | 10 | -| **DATABASE_TIMEOUT** | The time in milliseconds to wait for database query calls to finish | 60000 | -| **DATABASE_SSL** | Set to `true` if SSL should be used | false | -| **DATABASE_IPV6** | Set to `true` if IPv6 should be used | false | -| **VIRTUAL_HOST** | Host part used for generating URLs throughout the app | localhost | -| **CHECK_ORIGIN** | Configures whether to check the origin header or not. May be `true` (**recommended**), `false` (_default_) or a comma-separated list of hosts that are allowed (e.g. `https://example.com,//another.com:8080`). Hosts also support wildcards. If `true`, it will check against the host value in `VIRTUAL_HOST`. | false | -| **PORT** | Port where the web interface is exposed | 4000 | -| **HTTP_BINDING_ADDRESS** | IP address where the web interface is exposed, or blank (_default_) meaning all addresses. | | -| **DISABLE_MQTT** | Disables the MQTT feature if `true` | false | -| **MQTT_HOST** | Hostname of the broker (**required** unless DISABLE_MQTT is `true`) | | +| Variable Name | Description | Default Value | +| --------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- | +| **ENCRYPTION_KEY** | A key used to encrypt the Tesla API tokens (**required**) | | +| **DATABASE_USER** | Username (**required**) | | +| **DATABASE_PASS** | User password (**required**) | | +| **DATABASE_NAME** | The database to connect to (**required**) | | +| **DATABASE_HOST** | Hostname of the database server (**required**) | | +| **DATABASE_PORT** | Port of the database server | 5432 | +| **DATABASE_POOL_SIZE** | Size of the database connection pool | 10 | +| **DATABASE_TIMEOUT** | The time in milliseconds to wait for database query calls to finish | 60000 | +| **DATABASE_SSL** | Set to `true` if SSL should be used | false | +| **DATABASE_IPV6** | Set to `true` if IPv6 should be used | false | +| **VIRTUAL_HOST** | Host part used for generating URLs throughout the app | localhost | +| **CHECK_ORIGIN** | Configures whether to check the origin header or not. May be `true` (**recommended**), `false` (_default_) or a comma-separated list of hosts that are allowed (e.g. `https://example.com,//another.com:8080`). Hosts also support wildcards. If `true`, it will check against the host value in `VIRTUAL_HOST`. | false | +| **PORT** | Port where the web interface is exposed | 4000 | +| **HTTP_BINDING_ADDRESS** | IP address where the web interface is exposed, or blank (_default_) meaning all addresses. | | +| **DISABLE_MQTT** | Disables the MQTT feature if `true` | false | +| **MQTT_HOST** | Hostname of the broker (**required** unless DISABLE_MQTT is `true`) | | | **MQTT_PORT** | Port of the broker | 1883 (8883 for MQTT over TLS) | -| **MQTT_USERNAME** | Username | | -| **MQTT_PASSWORD** | Password | | -| **MQTT_TLS** | Enables TLS if `true` | false | -| **MQTT_TLS_ACCEPT_INVALID_CERTS** | Accepts invalid certificates if `true` | false | -| **MQTT_IPV6** | Set to `true` if IPv6 should be used | false | -| **MQTT_NAMESPACE** | Inserts a custom namespace into the MQTT topic . For example, with `MQTT_NAMESPACE=account_0`: `teslamate/account_0/cars/$car_id/state`. | | -| **IMPORT_DIR** | The path of the directory for the import of data (e.g. TeslaFi) | ./import | -| **TZ** | Used to establish the local time zone, e.g. to use the local time in logs. See [List of tz database time zones](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). | | +| **MQTT_USERNAME** | Username | | +| **MQTT_PASSWORD** | Password | | +| **MQTT_TLS** | Enables TLS if `true` | false | +| **MQTT_TLS_ACCEPT_INVALID_CERTS** | Accepts invalid certificates if `true` | false | +| **MQTT_IPV6** | Set to `true` if IPv6 should be used | false | +| **MQTT_NAMESPACE** | Inserts a custom namespace into the MQTT topic . For example, with `MQTT_NAMESPACE=account_0`: `teslamate/account_0/cars/$car_id/state`. | | +| **IMPORT_DIR** | The path of the directory for the import of data (e.g. TeslaFi) | ./import | +| **TZ** | Used to establish the local time zone, e.g. to use the local time in logs. See [List of tz database time zones](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). | | diff --git a/website/docs/guides/apache.md b/website/docs/guides/apache.md index 20c855a05b..a621472a68 100644 --- a/website/docs/guides/apache.md +++ b/website/docs/guides/apache.md @@ -35,6 +35,7 @@ services: image: teslamate/teslamate:latest restart: always environment: + - ENCRYPTION_KEY=${TM_ENCRYPTION_KEY} - DATABASE_USER=${TM_DB_USER} - DATABASE_PASS=${TM_DB_PASS} - DATABASE_NAME=${TM_DB_NAME} @@ -101,6 +102,7 @@ volumes: This file should reside in the same folder as the docker-compose.yml file. ```plaintext title=".env" +TM_ENCRYPTION_KEY= #your secure key to encrypt your Tesla API tokens TM_DB_USER=teslamate TM_DB_PASS= #your secure password! TM_DB_NAME=teslamate diff --git a/website/docs/guides/traefik.md b/website/docs/guides/traefik.md index 90873aceda..2294c77c82 100644 --- a/website/docs/guides/traefik.md +++ b/website/docs/guides/traefik.md @@ -32,6 +32,7 @@ services: depends_on: - database environment: + - ENCRYPTION_KEY=${TM_ENCRYPTION_KEY} - DATABASE_USER=${TM_DB_USER} - DATABASE_PASS=${TM_DB_PASS} - DATABASE_NAME=${TM_DB_NAME} @@ -141,6 +142,7 @@ volumes: ### .env ```plaintext title=".env" +TM_ENCRYPTION_KEY= #your secure key to encrypt your Tesla API tokens TM_DB_USER=teslamate TM_DB_PASS= #your secure password! TM_DB_NAME=teslamate diff --git a/website/docs/installation/debian.md b/website/docs/installation/debian.md index d2626218dc..71dcfd054f 100644 --- a/website/docs/installation/debian.md +++ b/website/docs/installation/debian.md @@ -211,6 +211,7 @@ You should at least substitute the following details: - `TESLAMATEPATH` should be the path that you ran the `git clone` within. ``` +export ENCRYPTION_KEY="your_secure_encryption_key_here" export DATABASE_USER="teslamate" export DATABASE_PASS="your_secure_password_here" export DATABASE_HOST="127.0.0.1" @@ -228,6 +229,7 @@ $TESLAMATEPATH/_build/prod/rel/teslamate/bin/teslamate start The following command needs to be run once during the installation process in order to create the database schema for the TeslaMate installation: ```bash +export ENCRYPTION_KEY="your_secure_encryption_key_here" export DATABASE_USER="teslamate" export DATABASE_PASS="your_secure_password_here" export DATABASE_HOST="127.0.0.1" diff --git a/website/docs/installation/docker.md b/website/docs/installation/docker.md index a44b938d32..352978c979 100644 --- a/website/docs/installation/docker.md +++ b/website/docs/installation/docker.md @@ -26,8 +26,9 @@ This setup is recommended only if you are running TeslaMate **on your home netwo image: teslamate/teslamate:latest restart: always environment: + - ENCRYPTION_KEY= #insert a secure key to encrypt your Tesla API tokens - DATABASE_USER=teslamate - - DATABASE_PASS= #insert your secure password! + - DATABASE_PASS= #insert your secure database password! - DATABASE_NAME=teslamate - DATABASE_HOST=database - MQTT_HOST=mosquitto @@ -43,7 +44,7 @@ This setup is recommended only if you are running TeslaMate **on your home netwo restart: always environment: - POSTGRES_USER=teslamate - - POSTGRES_PASSWORD= #insert your secure password! + - POSTGRES_PASSWORD= #insert your secure database password! - POSTGRES_DB=teslamate volumes: - teslamate-db:/var/lib/postgresql/data @@ -53,7 +54,7 @@ This setup is recommended only if you are running TeslaMate **on your home netwo restart: always environment: - DATABASE_USER=teslamate - - DATABASE_PASS= #insert your secure password! + - DATABASE_PASS= #insert your secure database password! - DATABASE_NAME=teslamate - DATABASE_HOST=database ports: @@ -78,9 +79,9 @@ This setup is recommended only if you are running TeslaMate **on your home netwo mosquitto-data: ``` -2. Choose your secure database password and insert it at every occurence of `DATABASE_PASS` and `POSTGRES_PASSWORD` - -3. Start the docker containers with `docker-compose up`. To run the containers in the background add the `-d` flag: +2. **Choose a secure encryption key** that will be used to encrypt your Tesla API tokens (insert as `ENCRYPTION_KEY`). +3. **Choose your secure database password** and insert it at every occurence of `DATABASE_PASS` and `POSTGRES_PASSWORD` +4. Start the docker containers with `docker-compose up`. To run the containers in the background add the `-d` flag: ```bash docker-compose up -d diff --git a/website/docs/installation/freebsd.md b/website/docs/installation/freebsd.md index df3557f410..40c6a14632 100644 --- a/website/docs/installation/freebsd.md +++ b/website/docs/installation/freebsd.md @@ -184,6 +184,7 @@ DATABASE_NAME=${teslamate_db-"teslamate"}; export DATABASE_NAME DATABASE_HOST=${teslamate_db_host-"localhost"}; export DATABASE_HOST DATABASE_USER=${teslamate_db_user-"teslamate"}; export DATABASE_USER DATABASE_PASS=${teslamate_db_pass}; export DATABASE_PASS +ENCRYPTION_KEY=${teslamate_encryption_key}; export ENCRYPTION_KEY DISABLE_MQTT=${teslamate_mqtt_enable-"FALSE"}; export DISABLE_MQTT MQTT_HOST=${teslamate_mqtt_host-"localhost"}; export MQTT_HOST VIRTUAL_HOST=${teslamate_virtual_host-"teslamate.example.com"}; export VIRTUAL_HOST @@ -212,6 +213,7 @@ echo teslamate_enable="YES" >> /etc/rc.conf echo teslamate_db_host="localhost" >> /etc/rc.conf echo teslamate_port="5432" >> /etc/rc.conf echo teslamate_db_pass="" >> /etc/rc.conf +echo teslamate_encryption_key="" >> /etc/rc.conf echo teslamate_disable_mqtt="true" >> /etc/rc.conf echo teslamate_timezone="" >> /etc/rc.conf #i.e. Europe/Berlin ```