Secret block

The secret { } block is used to define passwords (or ways to retrieve them) for encrypted database storage.

You refer to these secret block(s) from the ::db-secret configuration item of the modules that use them.

This feature only exists in UnrealIRCd 5.2.0+

Modules that support encrypted database storage
The following modules support encrypted database storage and can be used to refer to secret { } blocks:
 * history module via set::history::channel::db-secret (includes a full example)
 * reputation module via set::reputation::db-secret
 * tkldb module via set::tkldb::db-secret
 * channeldb module via set::channeldb::db-secret

Password requirements
All passwords must conform to the following password complexity requirements:
 * must be 10 characters or longer
 * must contain at least one lowercase letter
 * must contain at least one uppercase letter
 * must contain at least one digit

Syntax & Examples
The password can be specified directly in the configuration file or fetched from elsewhere.

Each secret block has a name: secret name-of-secret {

This name is referred to from other places in the configuration file.

You can use a single secret block and use that same secret block from multiple places (channeldb, tkldb, etc), OR you can have multiple secret blocks (one for each purpose). It's up to you to decide.

Directly in the configuration file
This is the easiest, but the least secure method:

secret channeldb { password "somepassword"; }

From an external file
This way you can store the password in a text file in a different place, e.g. on a different disk or a USB stick: somewhere that isn't stored or backed up together with the rest of your UnrealIRCd data.

The file only needs to exist while UnrealIRCd is booting, so you could for example connect a USB stick when booting UnrealIRCd and then pull it out once booted. You can rehash the IRCd without the file being needed.

secret channeldb { password-file "/home/xyz/secret.txt"; }

The file (secret.txt in this example) should then contain a single line with the password.
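
The following shell helpers are an added example, not part of UnrealIRCd: they create a password-file and check that it holds exactly one line meeting the password requirements listed above. The function names are hypothetical, and creating the file with owner-only permissions (umask 077) is an added hardening assumption that this page does not require.

```shell
#!/bin/sh
# Added example: helper functions for a secret { password-file ...; } file.
# Function names are hypothetical; they are not UnrealIRCd commands.
LC_ALL=C; export LC_ALL   # make the character classes below ASCII-only

# check_password PASSWORD: returns 0 only if all four listed rules are met.
check_password() {
    pw=$1
    [ "${#pw}" -ge 10 ] || { echo "shorter than 10 characters" >&2; return 1; }
    case $pw in *[[:lower:]]*) ;; *) echo "no lowercase letter" >&2; return 1 ;; esac
    case $pw in *[[:upper:]]*) ;; *) echo "no uppercase letter" >&2; return 1 ;; esac
    case $pw in *[[:digit:]]*) ;; *) echo "no digit" >&2; return 1 ;; esac
    return 0
}

# check_secret_file FILE: the file must be readable, contain exactly one
# line, and that line must pass check_password.
check_secret_file() {
    f=$1
    [ -f "$f" ] && [ -r "$f" ] || { echo "$f: missing or unreadable" >&2; return 1; }
    # awk counts a final line even when it has no trailing newline
    lines=$(awk 'END { print NR }' "$f")
    [ "$lines" -eq 1 ] || { echo "$f: expected 1 line, found $lines" >&2; return 1; }
    check_password "$(sed -n '1p' "$f")"
}

# new_secret_file FILE: writes a random 24-character password to FILE,
# readable by the owner only. Refuses to overwrite an existing file.
new_secret_file() {
    f=$1
    if [ -e "$f" ]; then
        echo "$f: already exists, not overwriting" >&2
        return 1
    fi
    (
        umask 077   # assumption: owner-only access (not stated on the page)
        while :; do
            pw=$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 24)
            # random output can lack a digit or a letter case; retry if so
            check_password "$pw" 2>/dev/null && break
        done
        printf '%s\n' "$pw" >"$f"
    )
}
```

For example, run new_secret_file /home/xyz/secret.txt once to create the file, then check_secret_file /home/xyz/secret.txt before each start of UnrealIRCd.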

Entering on-boot in a terminal
This is the most secure method. It requires you to type the password every time UnrealIRCd is (re)started. After that, you can rehash the IRCd without having to re-enter the password.

The downside is that you can no longer start UnrealIRCd automatically via cron or automatic boot scripts. You will ALWAYS need to start UnrealIRCd manually on a terminal (e.g. via SSH).

secret channeldb { password-prompt; }