Encrypted Passwords #7233

tonybourke · 2025-02-27T03:24:27Z

tonybourke
Feb 27, 2025

I'm not wild about the password being in plain text in the ~/.config/code-server/config.yaml file. I can't seem to find any options for encrypting this password, or did I miss something?

Another thought is to run it through Nginx and try doing a PAM authentication module (code-server is running on AlmaLinux). Has anyone had any luck with that?

Answered by code-asher

Mar 6, 2025

You can use hashed_password instead of password.

View full answer

code-asher · 2025-03-06T22:05:19Z

code-asher
Mar 6, 2025
Maintainer

You can use hashed_password instead of password.

4 replies

code-asher Mar 6, 2025
Maintainer

Oops, in the yaml it would be hashed-password (dash not underscore).

You can also use a HASHED_PASSWORD environment variable.

code-server/docs/FAQ.md

Lines 341 to 364 in db5f99d

    
           ## Can I store my password hashed? 
        
           Yes, you can do so by setting the value of `hashed-password` instead of `password`. Generate the hash with: 
        
           ```shell 
        
           echo -n "thisismypassword" | npx argon2-cli -e 
        
           $argon2i$v=19$m=4096,t=3,p=1$wst5qhbgk2lu1ih4dmuxvg$ls1alrvdiwtvzhwnzcm1dugg+5dto3dt1d5v9xtlws4 
        
           ``` 
        
           Replace `thisismypassword` with your actual password and **remember to put it 
        
           inside quotes**! For example: 
        
           ```yaml 
        
           auth: password 
        
           hashed-password: "$argon2i$v=19$m=4096,t=3,p=1$wST5QhBgk2lu1ih4DMuxvg$LS1alrVdIWtvZHwnzCM1DUGg+5DTO3Dt1d5v9XtLws4" 
        
           ``` 
        
           The `hashed-password` field takes precedence over `password`. 
        
           If you're using Docker Compose file, in order to make this work, you need to change all the single $ to $$. For example: 
        
           ```yaml 
        
           - HASHED_PASSWORD=$$argon2i$$v=19$$m=4096,t=3,p=1$$wST5QhBgk2lu1ih4DMuxvg$$LS1alrVdIWtvZHwnzCM1DUGg+5DTO3Dt1d5v9XtLws4 
        
           ```

tonybourke Mar 6, 2025
Author

Is there a different way to make that hash? The command specified throws out all kinds of deprecation warnings, including:

[email protected]: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.

code-asher Mar 7, 2025
Maintainer

Oh interesting yeah looks like argon2-cli has not been updated in quite some time. I think the hashes it generates are still probably going to be valid for code-server, but maybe a better way is to install argon2 without npm. This will depend on your operating system, but I believe Ubuntu for example has argon2 in their package repositories.

tonybourke Mar 10, 2025
Author

I couldn't find an Alma binary for 9.x, not even in elrepo, so I made a quick Python script using the argon2-cffi module and that works pretty well.

tonybourke · 2025-03-06T22:37:03Z

tonybourke
Mar 6, 2025
Author

Awesome, thanks!

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Encrypted Passwords #7233

{{title}}

Replies: 2 comments 4 replies

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

Encrypted Passwords #7233

tonybourke Feb 27, 2025

Replies: 2 comments · 4 replies

code-asher Mar 6, 2025 Maintainer

code-asher Mar 6, 2025 Maintainer

tonybourke Mar 6, 2025 Author

code-asher Mar 7, 2025 Maintainer

tonybourke Mar 10, 2025 Author

tonybourke Mar 6, 2025 Author

tonybourke
Feb 27, 2025

Replies: 2 comments 4 replies

code-asher
Mar 6, 2025
Maintainer

code-asher Mar 6, 2025
Maintainer

tonybourke Mar 6, 2025
Author

code-asher Mar 7, 2025
Maintainer

tonybourke Mar 10, 2025
Author

tonybourke
Mar 6, 2025
Author