Enforce API authentication by default

In keeping with "secure by default," we've decided to switch the API password from opt-in to opt-out. To make this less painful, siad will now autogenerate an API password file for you. The password file is stored in a default location:

  • Linux: $HOME/.sia/apipassword
  • macOS: $HOME/Library/Application Support/Sia/apipassword
  • Windows: %LOCALAPPDATA%\Sia\apipassword

If you want to use your own password, there are three ways to do so:

  • Replace the contents of the password file
  • Set the SIA_API_PASSWORD environment variable
  • Pass the --temp-password flag to siad, and enter the password when prompted

All instances of siad on a given machine will read the same password file. To use different passwords for each instance, use one of the latter two methods above.

The new opt-out behavior may break compatibility with existing apps that do not expect to need a password. Long-term, these apps should be updated to read the password file. In the short term, starting siad with --authenticate-api=false will restore the previous behavior.

Lastly, I'm open to suggestions re: the name of the --temp-password flag.

Edited by Luke Champine
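
An added example, not code from this merge request or from siad: one way a client app could resolve the API password from the locations listed in the description. The function names are hypothetical, the precedence of SIA_API_PASSWORD over the shared file is an assumption, and the file-mode check is extra client-side hardening rather than documented siad behavior.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"runtime"
	"strings"
)

// defaultPasswordPath (hypothetical helper) maps the OS to the listed location; getenv is normally os.Getenv.
func defaultPasswordPath(getenv func(string) string) string {
	switch runtime.GOOS {
	case "windows":
		return filepath.Join(getenv("LOCALAPPDATA"), "Sia", "apipassword")
	case "darwin":
		return filepath.Join(getenv("HOME"), "Library", "Application Support", "Sia", "apipassword")
	}
	return filepath.Join(getenv("HOME"), ".sia", "apipassword")
}

// loadAPIPassword (hypothetical) assumes SIA_API_PASSWORD, when set, wins over the shared file.
func loadAPIPassword(getenv func(string) string, path string) (string, error) {
	if pw := getenv("SIA_API_PASSWORD"); pw != "" {
		return pw, nil
	}
	info, err := os.Stat(path)
	if err != nil {
		return "", fmt.Errorf("password file: %w", err)
	}
	// Added hardening, not siad behavior: refuse a file that group or other users can access.
	if runtime.GOOS != "windows" && info.Mode().Perm()&0o077 != 0 {
		return "", fmt.Errorf("%s has mode %v, want owner-only access", path, info.Mode().Perm())
	}
	raw, err := os.ReadFile(path)
	if err != nil {
		return "", fmt.Errorf("password file: %w", err)
	}
	pw := strings.TrimSpace(string(raw)) // tolerate a trailing newline
	if pw == "" {
		return "", fmt.Errorf("%s is empty", path)
	}
	return pw, nil
}

func main() {
	pw, err := loadAPIPassword(os.Getenv, defaultPasswordPath(os.Getenv))
	fmt.Println("password bytes:", len(pw), "error:", err)
}
```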
