Bcrypt as password hashing method in the backend

[clamp.git] / README.md

diff --git a/README.md b/README.md
index ea061ce..f9a3414 100644 (file)
--- a/README.md
+++ b/README.md
@@ -91,4 +91,19 @@ With the default log settings, all logs will be generated into console and into
 \r
 ### Api\r
 \r
-You can see the swagger definition for the jaxrs apis at `/restservices/clds/v1/openapi.json`
\ No newline at end of file
+You can see the swagger definition for the jaxrs apis at `/restservices/clds/v1/openapi.json`\r
+\r
+\r
+## Clamp Credentials\r
+\r
+Credentials should be specified in `src/main/resources/clds/clds-users.json`. You might specify you own credential file by redefining the `clamp.config.files.cldsUsers` in `application.properties`.\r
+\r
+Passwords should be hashed using md5, then using Bcrypt :\r
+```\r
+# pip3 install bcrypt  # if you don't have the bcrypt python lib installed, should be done once.\r
+# python3 -c 'import bcrypt; import hashlib; m = hashlib.md5(); m.update("password".encode()); m.hexdigest(); print(bcrypt.hashpw(m.hexdigest().encode(), bcrypt.gensalt(rounds=10, prefix=b"2a")))'\r
+```\r
+\r
+Default credentials are admin/password and cs0008/password.\r
+\r
+\r