# cryptpad

[![Build Status](https://build.coopcloud.tech/api/badges/coop-cloud/cryptpad/status.svg)](https://build.coopcloud.tech/coop-cloud/cryptpad)

<!-- metadata -->

* **Category**: Apps
* **Status**: 3
* **Image**: cryptpad/cryptpad
* **Healthcheck**: Yes
* **Backups**: Yes
* **Email**: No
* **Tests**: No
* **SSO**: Yes

<!-- endmetadata -->

## Basic usage

1. Set up Docker Swarm and [`abra`]
2. Deploy [`coop-cloud/traefik`]
3. `abra app new cryptpad --secrets` (optionally with `--pass` if you'd like
   to save secrets in `pass`)
4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
   your Docker swarm box
5. `abra app deploy YOURAPPDOMAIN`
6. Open the configured domain in your browser to finish set-up

At this point, anyone with this domain can register new users with this cryptpad instance.

After you have registered a first user, here is how you can make this user into an admin.
After logging in as your user, go to: https://cryptpad.cctest.autonomic.zone/profile/

Click "Copy Public Key". This will copy your public key into your clipboard. 
Then run `abra app config YOURAPPDOMAIN` and set the value of CRYPTPAD_ADMIN_KEYS
to include your public key. The example in .env.sample shows the required format. 

Then redeploy with `abra app deploy YOURAPPDOMAIN --force`. 

Now when you login as your user, and visit https://cryptpad.cctest.autonomic.zone/admin/,
you should be able to access the admin interface for this cryptpad instance. 

## SSO

SSO support is provided by `compose.sso.yml`. To enable it, add the SSO compose file and set the SSO variables in your app config:

```
COMPOSE_FILE="compose.yml:compose.sso.yml"
SSO_ENABLED=true
```

On the next deploy, the [CryptPad SSO plugin](https://github.com/cryptpad/sso) will be installed automatically.

You also need to configure the remaining SSO environment variables for your OIDC provider:

- `SSO_PROVIDER_NAME` — display name shown on the login button (e.g. `Keycloak`, `Authentik`)
- `SSO_OIDC_URL` — OIDC discovery URL for your provider
- `SSO_CLIENT_ID` — OAuth2 client ID
- `SSO_JWT_ALG` — JWT signing algorithm (e.g. `RS256`)

The client secret is stored as a Docker secret. Insert it with:

```
abra app secret insert YOURAPPDOMAIN sso_client_s v1 YOUR_CLIENT_SECRET
```

Then deploy (or redeploy) to apply: `abra app deploy YOURAPPDOMAIN --force`.

[`abra`]: https://git.coopcloud.tech/coop-cloud/abra
[`coop-cloud/traefik`]: https://git.coopcloud.tech/coop-cloud/traefik