Changelog
- WireGuard PreSharedKey support.
This feature brings additional security to the system. The pre-shared key is generated by the network admin and stays private.
This means that even if the Management service is compromised and tries to add a malicious peer to the system, that peer won't be able to establish a connection to other network members without the pre-shared key.
PreSharedKey has to be a WireGuard key. Generate a new one with wg genpsk.
Fresh run:
wiretrustee up --setup-key <SETUP KEY> --preshared-key <PRESHARED KEY>
It can also be added manually to the config file /etc/wiretrustee/config.json, e.g.:
"PreSharedKey": "iDglzWMp6quPoaQNnH2uqpljYHnjVpl5Jn1vYOWXNEo="
Note: Once set for a peer, all other peers will need it set as well in order to connect. Otherwise, connections won't work.
For example, with 3 peers A, B, and C: if peer A has a pre-shared key set but B and C do not, then:
B <-> C works
A <-> B doesn't work
A <-> C doesn't work
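A pre-rollout check for the rule above, as an added Go example that is not part of the Wiretrustee code base: it reads each peer's PreSharedKey from config.json text, rejects values that are not 32-byte base64 WireGuard keys, and lists the peer pairs whose keys differ. The function name brokenPairs and the sample configs are assumptions made for illustration; only the PreSharedKey field is taken from this page.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"sort"
)

// brokenPairs (hypothetical helper) takes peer name -> config.json text and
// returns the peer pairs whose pre-shared keys differ, so they cannot connect.
func brokenPairs(configs map[string]string) ([]string, error) {
	keys, names := map[string]string{}, []string{}
	for name, raw := range configs {
		var c struct{ PreSharedKey string } // the only field this page shows
		if err := json.Unmarshal([]byte(raw), &c); err != nil {
			return nil, fmt.Errorf("%s: %w", name, err)
		}
		key, err := base64.StdEncoding.DecodeString(c.PreSharedKey)
		if c.PreSharedKey == "" {
			key = make([]byte, 32) // unset: WireGuard uses 32 zero bytes
		}
		if err != nil || len(key) != 32 {
			return nil, fmt.Errorf("%s: PreSharedKey is not a WireGuard key", name)
		}
		keys[name], names = string(key), append(names, name)
	}
	sort.Strings(names) // deterministic pair order
	var broken []string
	for i, a := range names {
		for _, b := range names[i+1:] {
			if keys[a] != keys[b] {
				broken = append(broken, a+" <-> "+b)
			}
		}
	}
	return broken, nil
}

func main() {
	// Constructed sample: A holds the example key from this page, B and C hold none.
	fmt.Println(brokenPairs(map[string]string{
		"A": `{"PreSharedKey": "iDglzWMp6quPoaQNnH2uqpljYHnjVpl5Jn1vYOWXNEo="}`,
		"B": `{}`, "C": `{}`,
	}))
}
```

Keys are compared after decoding, so two base64 spellings of the same 32 bytes count as equal.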
Docker images
docker pull wiretrustee/wiretrustee:0.3.1
docker pull wiretrustee/signal:0.3.1
docker pull wiretrustee/management:0.3.1
docker pull wiretrustee/management:debug-latest