Skip to content

Update Hashrate Autopilot to 1.17.0#5857

Open
rdouma wants to merge 1 commit into
getumbrel:masterfrom
rdouma:hashrate-autopilot-1.17.0
Open

Update Hashrate Autopilot to 1.17.0#5857
rdouma wants to merge 1 commit into
getumbrel:masterfrom
rdouma:hashrate-autopilot-1.17.0

Conversation

@rdouma

@rdouma rdouma commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Type

App update

App

App ID: hashrate-autopilot
Upstream project: https://github.com/rdouma/hashrate-autopilot
Version: 1.17.0

Summary

Security release. Credentials the app stores in its SQLite database (Braiins API tokens, bitcoind RPC password, Telegram token, DDNS credential) are now AES-256-GCM encrypted at rest instead of plaintext, and the dashboard password is stored as a one-way scrypt hash. The config-change audit log no longer records credential values (and scrubs any previously logged on upgrade). Users can now change the dashboard password and rotate their Braiins tokens from the dashboard itself, and Profit & Loss counts Lightning payouts via Ocean's earnpay ledger. Existing installs upgrade their stored data in place on first start.

This bump also adds BHA_SECRET_KEY: "${APP_SEED}" to the compose so the at-rest encryption key is the device-derived per-app secret, which lives outside the app's data directory. Without it the app falls back to a keyfile next to the database (still encrypted, but inside app-data); using APP_SEED keeps an app-data backup from ever carrying the key.

Full release notes: https://github.com/rdouma/hashrate-autopilot/releases/tag/v1.17.0

Verification

Umbrel testing performed: installed 1.17.0 as an in-place update over the prior version on a real Umbrel device and verified the new in-app password change end to end. The image is pinned by digest.

Environment tested:

  • Umbrel device
  • Local umbrelOS test environment
  • Not runtime tested

Architecture tested:

  • amd64
  • arm64

The runtime test above was on the maintainer's own Umbrel device (its native architecture). The published multi-arch image is built and CI-verified for both amd64 and arm64; the digest pinned here is the multi-arch index.

Known lint warnings or caveats: none.

Notes

  • New env var: BHA_SECRET_KEY: "${APP_SEED}" (rationale in Summary).
  • No new dependencies, no default credentials, no port change (still 3018 / internal 3010).
  • Migration: on first start the app transparently encrypts its existing plaintext secrets and hashes the stored password. If the key is ever unavailable it treats the affected secret as unset and prompts re-entry rather than failing to boot.

Security release. DB-stored secrets are now AES-256-GCM encrypted at
rest and the dashboard password is scrypt-hashed (previously plaintext);
the config-change audit log no longer records credential values; you can
change the password and rotate Braiins tokens in-app; and Profit & Loss
now counts Lightning payouts via Ocean's earnpay ledger.

Adds BHA_SECRET_KEY=${APP_SEED} so the at-rest encryption key is the
device-derived per-app secret (outside app-data), matching the docs'
promise that an app-data backup does not carry the key.

Release notes: https://github.com/rdouma/hashrate-autopilot/releases/tag/v1.17.0

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant