node-deepstackai-trigger: triggerUri exposes plain text Blue Iris Username and Password

Is your feature request related to a problem? Please describe.

When adding a triggerUri for a Blue Iris system that requires authentication, my user and pw are in a file in plain text.

Describe the solution you’d like

Preferably this would be a secret, environment variable, or in a file of key/value pairs that gets ignored when a user backs up their configuration (similar to home assistant: https://www.home-assistant.io/docs/configuration/secrets/).

The best solution in my mind would be to take mustache templating further. For example in the docs there is:

"http://192.168.1.100:81/admin?trigger&camera=FrontDoorHD&user=username&pw=password"

This could become:

"http://192.168.1.100:81/admin?trigger&camera=FrontDoorHD&user={blueIris.username}&pw={blueIris.password}"

This could look inside settings.json. Then alternatively settings.json could use mustache templating to look to an environment variable or secret or key/value pair file; which would be a benefit to all the other settings that have a username/password. Then the mustache templating in triggerUri could consistently look to settings.json. Something like:

{
  "blueIris": {
    "username": "{ENV.BLUE_IRIS_USERNAME}",
    "password": "{ENV.BLUE_IRIS_PASSWORD}"
  }
}

…or possibly SECRET.BLUE_IRIS_PASSWORD or something along those lines.

Describe alternatives you’ve considered

I described a couple alternatives above.

Additional context

I think the main problem here is the need to separate configuration from secrets. If my server dies, how do I get my configuration back to get up and running again; ideally it’s backed up, but it shouldn’t be backed up with plain text secrets. With my other docker containers I have written a shell script that grabs usernames/passwords from LastPass using their cli and then uses sed to drop them in .env files and then I reference those .env files in my docker-compose (https://docs.docker.com/compose/environment-variables/#the-env_file-configuration-option).

ALSO, I love node/typescript and can probably provide some assistance in this implementation.

ALSO ALSO, thanks to everyone that has contributed to this project. I absolutely love it!
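
An added sketch of the two-stage substitution proposed in the issue above (not part of the original issue and not node-deepstackai-trigger's own code): `{ENV.*}` placeholders in settings.json are resolved from the environment, then `{blueIris.*}` placeholders in triggerUri are filled from the resolved settings. The function names, the sample credentials and the log-redaction helper are assumptions made for illustration.

```typescript
// Added example: hypothetical helpers, not code from node-deepstackai-trigger.
type Settings = { [key: string]: string | Settings };
type Env = { [name: string]: string | undefined };
// Replace every "{ENV.NAME}" in settings values with env[NAME]; fail closed if unset.
function resolveEnv(settings: Settings, env: Env): Settings {
  const out: Settings = {};
  for (const key of Object.keys(settings)) {
    const value = settings[key] as string | Settings;
    out[key] = typeof value === "string"
      ? value.replace(/\{ENV\.([A-Z0-9_]+)\}/g, (_m: string, name: string): string => {
          const v = env[name];
          if (v === undefined) throw new Error("Missing environment variable " + name);
          return v;
        })
      : resolveEnv(value, env);
  }
  return out;
}

// Look up a dotted path such as "blueIris.password" in the resolved settings.
function lookup(settings: Settings, path: string): string {
  let node: string | Settings | undefined = settings;
  for (const part of path.split(".")) {
    node = typeof node === "object" ? node[part] : undefined;
  }
  if (typeof node !== "string") throw new Error("Unknown setting " + path);
  return node;
}

// Fill "{a.b}" placeholders in a triggerUri, URL-encoding each substituted value.
function renderTriggerUri(template: string, settings: Settings): string {
  return template.replace(/\{([A-Za-z0-9_.]+)\}/g, (_m: string, path: string): string =>
    encodeURIComponent(lookup(settings, path)));
}

// Mask credential query parameters before a URI is written to a log.
function redactUri(uri: string): string {
  return uri.replace(/([?&](?:user|pw)=)[^&]*/g, "$1***");
}

// Constructed sample input: settings.json content and an environment.
const sampleSettings: Settings = {
  blueIris: { username: "{ENV.BLUE_IRIS_USERNAME}", password: "{ENV.BLUE_IRIS_PASSWORD}" },
};
const sampleEnv: Env = { BLUE_IRIS_USERNAME: "trigger", BLUE_IRIS_PASSWORD: "p&ss word" };
const sampleUri = renderTriggerUri(
  "http://192.168.1.100:81/admin?trigger&camera=FrontDoorHD&user={blueIris.username}&pw={blueIris.password}",
  resolveEnv(sampleSettings, sampleEnv));
console.log(redactUri(sampleUri));
```

With this split, settings.json and the trigger definitions can be backed up as they are, since they hold only placeholder names; the values live in the environment (for example a docker-compose env_file).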

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 20 (19 by maintainers)

Most upvoted comments

@schford This isn’t specific to BlueIris username/password. The API keys and whatnot for the other notification methods are required and considered secrets as well.

When you do your next PR make sure you pull in my change for #380 from main.