Skip to content

RigForge: fetch the stratum access-password at worker setup → default-on stratum auth (Phase 2 of #152) #208

Description

@VijitSingh97

Phase 1 of #152 shipped in #207: p2pool.stratum_password is an opt-in, default-off pithead config knob — a security-conscious operator enables it and sets each rig's stratum pass by hand.

Phase 2 (cross-repo, the zero-friction default-on): RigForge's worker provisioning already takes the stack hostname during setup; it should also retrieve the stratum password and write it into each rig's xmrig pass. Then pithead could auto-generate the secret ("auto") and the whole stack would ship with authenticated stratum on by default, the way PROXY_AUTH_TOKEN is already auto-managed — no manual rig edits.

Open questions for the RigForge side:

  • How the rig kit retrieves the secret from the stack host at setup (it's in pithead's .env as PROXY_STRATUM_PASSWORD and surfaced by pithead status).
  • Rotation story: if the operator regenerates the secret, rigs need to re-fetch.
  • Keep it cleartext-aware: this is LAN access control, not encryption (a TLS-on-stratum follow-on would pair with it).

Implementation lives in the RigForge repo; this is the pithead-side tracking issue. Update docs/workers.md#authentication when default-on lands.

Refs #152, #207.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestp2poolP2Pool sidechainsecuritySecurity-sensitive issue or hardeningsetuppithead, config.json, first-run setup

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions