Lock libretranslate to only users with api keys
-
So, basically, these codes work:
Add a new key:
su - cloudron -c 'source /app/code/.venv/bin/activate; ltmanage keys --api-keys-db-path /app/data/db/api_keys.db add 120'
Show all created keys:
su - cloudron -c 'source /app/code/.venv/bin/activate; ltmanage keys --api-keys-db-path /app/data/db/api_keys.db'But, the remove key doesn't seem to work for me (I don't understand the formatting) and it would be great to have a character set version as well such as from LibreTranslate: ltmanage keys add 120 --char-limit 5000
Okay, sorry for the rapid fire.
-
From the README it seems
Set maximum number of requests per minute per client (outside of limits set by api keys)
so maybe yes. But not really sure. Maybe you can ask upstream about this.Also below
LT_REQUIRE_API_KEY_ORIGIN
is set to true, maybe that means the instance is already locked down to only api keys, but also this is not totally clear to me. -
According to folks on their forum, there's another step to lock down:
https://community.libretranslate.com/t/locking-down-api-key-on-self-hosted-through-cloudron/1767/2
We may need to update the docs here on cloudron:
To configure requirement for api key to use, set --req-limit to 0 and add the --api-keys flag. Requests made without a proper api key will be rejected.
-
-
Looks like the correct way to call
ltmanage
now (probably related to the base image python update), is to first source the pyhton env and then run the command:source /app/code/venv/bin/activate ltmanage keys --api-keys-db-path /app/data/db/api_keys.db
-
Looks like the correct way to call
ltmanage
now (probably related to the base image python update), is to first source the pyhton env and then run the command:source /app/code/venv/bin/activate ltmanage keys --api-keys-db-path /app/data/db/api_keys.db
@nebulon Could you please update the docs?
-
Hello @andreasdueren
I will do so.@james Thank you!
-
According to folks on their forum, there's another step to lock down:
https://community.libretranslate.com/t/locking-down-api-key-on-self-hosted-through-cloudron/1767/2
We may need to update the docs here on cloudron:
To configure requirement for api key to use, set --req-limit to 0 and add the --api-keys flag. Requests made without a proper api key will be rejected.
@visamp Thanks for sharing all this—super helpful for anyone self-hosting on Cloudron. Would definitely be great to have the docs updated with that last bit about
--req-limit
and--api-keys
to avoid any confusion.