Be clearer about private key export

2026-05-01 19:12:57 +02:00 · 2026-04-21 13:46:57 -07:00
parent 0353a98e87
commit 2f412e1a93
4 changed files with 14 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -207,6 +207,7 @@ Only one transport may be active at a time. If multiple are set, the server will
 | `MESHCORE_DISABLE_BOTS` | false | Disable bot system entirely (blocks execution and config; an intermediate security precaution, but not as good as basic auth) |
 | `MESHCORE_BASIC_AUTH_USERNAME` | | Optional app-wide HTTP Basic auth username; must be set together with `MESHCORE_BASIC_AUTH_PASSWORD` |
 | `MESHCORE_BASIC_AUTH_PASSWORD` | | Optional app-wide HTTP Basic auth password; must be set together with `MESHCORE_BASIC_AUTH_USERNAME` |
+| `MESHCORE_ENABLE_LOCAL_PRIVATE_KEY_EXPORT` | false | Enable `GET /api/radio/private-key` to return the in-memory private key as hex for backup or migration. Only enable on a trusted network. Import via `PUT /api/radio/private-key` is always available. |

 Common launch patterns:

--- a/README_ADVANCED.md
+++ b/README_ADVANCED.md
@@ -9,9 +9,16 @@ These are intended for diagnosing or working around radios that behave oddly.
 | `MESHCORE_ENABLE_MESSAGE_POLL_FALLBACK` | false | Run aggressive 10-second `get_msg()` fallback polling to check for messages |
 | `MESHCORE_FORCE_CHANNEL_SLOT_RECONFIGURE` | false | Disable channel-slot reuse and force `set_channel(...)` before every channel send |
 | `MESHCORE_LOAD_WITH_AUTOEVICT` | false | Enable autoevict mode for contact loading (see [Contact Loading Issues](#contact-loading-issues) below) |
-| `MESHCORE_ENABLE_LOCAL_PRIVATE_KEY_EXPORT` | false | Enable `GET /api/radio/private-key` to return the in-memory private key as hex. Only enable on a trusted network when you need to retrieve the key (e.g. for backup or migration). |
 | `__CLOWNTOWN_DO_CLOCK_WRAPAROUND` | false | Highly experimental: if the radio clock is ahead of system time, try forcing the clock to `0xFFFFFFFF`, wait for uint32 wraparound, and then retry normal time sync before falling back to reboot |

+## Private Key Export
+
+`MESHCORE_ENABLE_LOCAL_PRIVATE_KEY_EXPORT=true` enables `GET /api/radio/private-key`, which returns the in-memory private key as hex for backup or migration. The key is held in memory only (exported from the radio on connect) and is never persisted to disk. Only enable this on a trusted network when you need to retrieve the key.
+
+Import via `PUT /api/radio/private-key` is always available regardless of this setting — it is write-only and does not expose key material.
+
+The Radio Settings config export/import feature uses these endpoints. When export is disabled, config exports will omit the private key and show a notice.
+
 By default the app relies on radio events plus MeshCore auto-fetch for incoming messages, and also runs a low-frequency hourly audit poll. That audit checks both:

 - whether messages were left on the radio without reaching the app through event subscription
--- a/docker-compose.example.yml
+++ b/docker-compose.example.yml
@@ -44,6 +44,7 @@ services:
      # MESHCORE_DISABLE_BOTS: "true"
      # MESHCORE_BASIC_AUTH_USERNAME: changeme
      # MESHCORE_BASIC_AUTH_PASSWORD: changeme
+      # MESHCORE_ENABLE_LOCAL_PRIVATE_KEY_EXPORT: "false"

      # Logging
      # MESHCORE_LOG_LEVEL: INFO
--- a/pkg/aur/remoteterm.env
+++ b/pkg/aur/remoteterm.env
@@ -29,3 +29,7 @@ MESHCORE_DISABLE_BOTS=true
 # HTTP Basic Auth (recommended when bots are enabled)
 #MESHCORE_BASIC_AUTH_USERNAME=
 #MESHCORE_BASIC_AUTH_PASSWORD=
+
+# Enable GET /api/radio/private-key to return the in-memory private key as hex
+# for backup or migration. Only enable on a trusted network.
+#MESHCORE_ENABLE_LOCAL_PRIVATE_KEY_EXPORT=false