You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1.9 KiB
1.9 KiB
NIP-66 monitor – security audit (nsec handling)
Summary
The monitor nsec (NIP66_MONITOR_NSEC) is used only in the nip66-cron container. It is never sent to the web app container, written to config.json, or exposed to the client.
Where the nsec may exist
| Location | Allowed? | Notes |
|---|---|---|
Host env (e.g. .env) |
✅ | Operator sets it; not in repo. |
| jumble-nip66-monitor container env (Imwald monitor) | ✅ | Only service that needs it. |
| jumble web app container env | ❌ | Removed: nsec is not passed to the web app. |
| config.json (served to browser) | ❌ | Entrypoint writes only NIP66_MONITOR_NPUB or {}; never nsec. |
| Frontend (Window.RUNTIME_CONFIG) | ❌ | Type and fetch only include NIP66_MONITOR_NPUB. |
| Vite / build | ❌ | No VITE_NIP66_* or nsec in bundle. |
Checks performed
- docker-entrypoint.sh – Writes config.json only from
NIP66_MONITOR_NPUB; does not read or writeNIP66_MONITOR_NSEC. - docker-compose.prod.yml –
NIP66_MONITOR_NSECis set only on the jumble-nip66-monitor service; the jumble (Imwald SPA) service has onlyNIP66_MONITOR_NPUB. - main.tsx – Fetches config and types only
NIP66_MONITOR_NPUB; no nsec inWindow.__RUNTIME_CONFIG__. - Frontend – No monitor signing code; 30166/10166 publishing is server-only (nip66-cron / Imwald NIP-66 monitor container).
- nip66-cron/index.mjs – Reads nsec from
process.env.NIP66_MONITOR_NSEConly; never logs it or passes it tolog(); comment added to never log or expose it. - RelayInfo / RelayLivelinessSection – Use only
window.__RUNTIME_CONFIG__.NIP66_MONITOR_NPUB(npub) for display.
Recommendation
- Keep NIP66_MONITOR_NSEC only in the host env and in the jumble-nip66-monitor service.
- Do not add nsec to the jumble (web app) service env, config.json, or any client-exposed config.