mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-05-09 19:32:24 +00:00
dd5ee8120f
- Fix Export/Import API token authentication (wasn't sending X-API-Token header) - Add client-side passphrase validation (12+ chars with visual feedback) - Fix settings persistence for AllowedOrigins field - Fix hardcoded port display in diagnostics (now shows actual port) - Add .env file support for non-sensitive configuration (ports, logging, etc) - Keep sensitive data (API tokens, passwords) using secure methods (systemd env vars) - Update documentation with configuration guide and latest features - Document auto-discovery, cluster detection, and export/import features
1.4 KiB
1.4 KiB
Pulse Security
Export/Import Protection
By default, configuration export/import is blocked for security. You have two options:
Option 1: Set API Token (Recommended)
# Using systemd (secure)
sudo systemctl edit pulse-backend
# Add:
[Service]
Environment="API_TOKEN=your-secure-token-here"
# Then restart:
sudo systemctl restart pulse-backend
# Docker
docker run -e API_TOKEN=your-token rcourtman/pulse:latest
Option 2: Allow Unprotected Export (Homelab)
# Using systemd
sudo systemctl edit pulse-backend
# Add:
[Service]
Environment="ALLOW_UNPROTECTED_EXPORT=true"
# Docker
docker run -e ALLOW_UNPROTECTED_EXPORT=true rcourtman/pulse:latest
Note: Never put API tokens or passwords in .env files! Use systemd environment variables or Docker secrets for sensitive data.
Security Features
- Encryption: Exports are always encrypted (AES-256-GCM)
- Rate Limiting: 5 attempts per minute on export/import
- Minimum Passphrase: 12 characters required
- Security Tab: Check status in Settings → Security
What's Encrypted in Exports
- Node credentials (passwords, API tokens)
- PBS credentials
- Email settings passwords
What's NOT Encrypted
- Node hostnames and IPs
- Threshold settings
- General configuration
Troubleshooting
Export blocked? Set API_TOKEN or ALLOW_UNPROTECTED_EXPORT=true Rate limited? Wait 1 minute and try again