2fauth's .env file: encryption and emails

Hello,

I would like to enable encryption in 2FAuth so my codes are protected at rest in the database, and enable 2FAuth to send emails to me so I can reset my password if I ever need to do this.
Both of these things require editing the .env file, which is located at
/var/www/2fauth/.env

I have a question about each:

  1. Is enabling encryption worth doing if the APP_KEY value is stored in plain text in the .env file? Presumably the .env file itself will not be encrypted, and removing it to a separate storage device will break 2FAuth?
  2. The default mail settings that are in the .env file do not send an email to me when I do the ‘Email configuration test’ in 2FAuth’s ‘Admin’ page (‘App setup’ tab). How do I modify them so I can receive emails? (The explanations of the various parameters in 2FAuth’s documentation only make partial sense to me.)
    The default settings post-installation are:
MAIL_DRIVER=smtp
MAIL_HOST=localhost
MAIL_PORT=587
MAIL_FROM=2fauth@auth.domain.tld
MAIL_USERNAME=2fauth
MAIL_PASSWORD= [a 24-digit string of what looks like hex numbers]
MAIL_ENCRYPTION=starttls
#MAIL_FROM_NAME=null
#MAIL_FROM_ADDRESS=null

Thank you :slight_smile:

Edit: when I try to edit these values and then try to use the ‘reset password’ feature, it returns an error message – irrespective of what I change them to:

Unable to connect with STARTTLS: stream_socket_enable_crypto(): Peer certificate 
CN=`domain.tld' did not match expected

I am also interested in changing some settings in the app.
Did you try to set mail encryption to null?
Do you need to run

php artisan migrate:refresh
php artisan passport:install
php artisan storage:link
php artisan config:cache

After every change to the env file or does it take into account immediately?

I’ve partly answered my own question. These SMTP mail settings can be provided by a third-party service such as MailJet.com – I only found this when looking through Vaultwarden’s wiki on Github, though.
Therefore it’s not something that’s going to work straight after installing 2FAuth.

The other question about encryption remains, though.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.