The environment variables are a series of configuration and secret values used by Balancer to build and run its platform. The steps to generate and deploy the environment variables assets are:
- Create and fill the source file (
source.json) - Generate the environment variable assets
- Deploy the assets to the remote host
And that's all! At this point, you'll be able to build and run your Balancer Platform.
As mentioned earlier, several secret values need to be generated to fill the source file. This guide will make use of localkit to simplify the process.
The source file (source.json) file used to generate the environment variable assets has the following schema:
{
"environment": {
"NODE_ENV": "...",
"GUI_URL": "...",
"POSTGRES_HOST": "...",
"POSTGRES_USER": "...",
"POSTGRES_DB": "...",
"POSTGRES_PASSWORD_FILE": "...",
"HASHING_SECRET": "...",
"ENCRYPTING_SECRET": "...",
"ROOT_ACCOUNT": {
"uid": "...",
"nickname": "...",
"password": "...",
"otpSecret": "..."
},
"TELEGRAM": {
"token": "...",
"chatID": 0
},
"ALTCHA_SECRET": "...",
"JWT_SECRET": {
"refresh": "...",
"access": "..."
},
"COOKIE_SECRET": "...",
"EXCHANGE_CONFIGURATION": {
"baseAsset": "...",
"quoteAsset": "...",
"window": "...",
"liquidity": "...",
"coins": "...",
"trading": "..."
},
"EXCHANGE_CREDENTIALS": {
"binance": {
"key": "...",
"secret": "..."
},
"bitfinex": {
"key": "...",
"secret": "..."
},
"kraken": {
"key": "...",
"secret": "..."
}
},
"TUNNEL_TOKEN": "..."
},
"secrets": [
"POSTGRES_PASSWORD_FILE",
"HASHING_SECRET",
"ENCRYPTING_SECRET",
"ROOT_ACCOUNT",
"TELEGRAM",
"ALTCHA_SECRET",
"JWT_SECRET",
"COOKIE_SECRET",
"EXCHANGE_CREDENTIALS"
]
}To get started, create the source.json file and paste the template from above. The data will be entered under the environment property. Make sure to leave the secrets property untouched as Balancer makes use of Docker Compose Secrets to avoid putting sensitive data in the Operating System's environment variables for security reasons.
The environment that will be used by Node.js processes to build and run the platform.
Accepted values are: development | production. If you're not a Balancer developer, set production on this field.
{
"NODE_ENV": "production",
}The URL that will be used to access your Balancer GUI. If you're a Balancer developer, set "http://localhost:5173" on this field. Otherwise, set your URL.
{
"GUI_URL": "https://balancer.jesusgraterol.dev",
}The configuration object that will be used for the PostgreSQL service.
To generate the password, start localkit and generate a random password of at least ~500 characters.
POSTGRES_PASSWORD_FILE sample: "Y@|hmndw02j7JSx9q?t...#o4nf[:9yduNTX3Ob9"
{
"POSTGRES_HOST": "postgres",
"POSTGRES_USER": "postgres",
"POSTGRES_DB": "postgres",
"POSTGRES_PASSWORD_FILE": "<YOUR_PASSWORD>",
}The secret that will be used to hash data such as passwords.
To generate the secret, start localkit and generate a string of 90 - 100 random bytes.
Sample: "1mohlEW4...bHynviQ"
{
"HASHING_SECRET": "<YOUR_SECRET>",
}The secret that will be used to encrypt data such as OTP secrets.
To generate the secret, start localkit and generate a string of 90 - 100 random bytes.
Sample: "1mohlEW4...bHynviQ"
{
"ENCRYPTING_SECRET": "<YOUR_SECRET>",
}The details that will be used to create your root account (user with the highest authority) and can also be generated via localkit.
- The
uidmust be a Universally unique identifier v4 (e.g."4952cdd9-314b-4dd2-9d7e-91b71fc99fa9") - The
passwordmust be a random string of at least ~50 characters (e.g."v(s]lynV...;?6za#yV.,ILc") - The
otpSecretmust be a valid One-Time Password secret (e.g."EJORCBYBHIMU2JKC")
{
"ROOT_ACCOUNT": {
"uid": "<YOUR_UID>",
"nickname": "root",
"password": "<YOUR_UID>",
"otpSecret": "<YOUR_OTP_SECRET>",
},
}Balancer has an internal notifications system that can be upgraded to use Telegram so you're notified whenever an event takes place.
The guide to integrate Telegram can be found here.
tokensample:"5120556612:XLZ1jygn-7PcQcSaTwH8LjBxF4KMfWXPAzA"chatIDsample:-4102361445
{
"TELEGRAM": {
"token": "<YOUR_TOKEN>",
"chatID": <YOUR_CHAT_ID>
},
}If you do not wish to go through with the integration, the environment variable still needs to be set as follows:
{
"TELEGRAM": {
"token": "",
"chatID": 0
},
}The secret that will be used to generate and verify Captcha challenges. This value must be a random string
To generate the secret, start localkit and generate a random password of at least ~128 characters.
Sample: "b,;?d4e8~Wwu7e...<ZID[m7~]81&)"
{
"ALTCHA_SECRET": "<YOUR_SECRET>",
}The secrets that will be used to generate access and refresh JWTs in order to manage authentication.
To generate the secrets, start localkit and generate a string of at least ~100 random bytes.
Sample: "1mohlEW4...bHynviQ"
{
"JWT_SECRET": {
"refresh": "<YOUR_REFRESH_SECRET>",
"access": "<YOUR_ACCESS_SECRET>",
},
}The secret that will be used to sign the authentication cookie in order to prevent tampering.
To generate the secret, start localkit and generate a random password of at least ~128 characters.
Sample: "b,;?d4e8~Wwu7e...<ZID[m7~]81&)"
{
"COOKIE_SECRET": "<YOUR_SECRET>",
}Balancer was coded to be exchange agnostic and modular. In other words, one exchange can be used to gather and process market data while a different exchange can be used for trading.
It is also possible to use any stable coin. At the time of writting this guide, the quoteAsset property accepts any of the following: "USDT", "USDC", "DAI", "FDUSD", "PYUSD", "USDD", "TUSD".
To view the list of supported exchange identifiers, visit: Supported Exchanges.
{
"EXCHANGE_CONFIGURATION": {
"baseAsset": "BTC",
"quoteAsset": "<YOUR_QUOTE_ASSET>",
"window": "<YOUR_EXCHANGE_ID>",
"liquidity": "<YOUR_EXCHANGE_ID>",
"coins": "<YOUR_EXCHANGE_ID>",
"trading": "<YOUR_EXCHANGE_ID>",
},
}The credentials (API Key & Secret) for every exchange used in EXCHANGE_CONFIGURATION must be provided so Balancer can interact with their APIs.
Important: when generating the credentials in the exchange's platform, make sure to limit the actions that can be performed by the key to the very minimum. Balancer will never try to withdraw or trade any pair other than baseAsset/quoteAsset.
{
"EXCHANGE_CREDENTIALS": {
"binance": {
"key": "<YOUR_API_KEY>",
"secret": "<YOUR_API_SECRET>"
},
"kraken": {
"key": "<YOUR_API_KEY>",
"secret": "<YOUR_API_SECRET>"
},
},
}The Balancer platform makes use of the latest technologies as well as best industry practices. However, putting the platform behind a reverse proxy adds an important security layer that can protect you from many different kinds of attacks.
The guide to integrate Cloudflare Tunnel can be found here.
- Sample:
"ekjad2Maslj...WEa20MaL"
{
"TUNNEL_TOKEN": "<YOUR_TOKEN>",
}If you do not wish to go through with the integration, the environment variable still needs to be set as follows:
{
"TUNNEL_TOKEN": "",
}To generate the assets, the CLI will ask you to enter the absolute path for the source file (source.json) and the directory where you wish to store the assets.
One way of visualizing the absolute path of a file or directory is:
readlink -f source.json
# /home/jesusgraterol/Desktop/source.json
readlink -f output
# /home/jesusgraterol/Desktop/outputStart the CLI with npm start, choose the category named Environment Variable Assets and then trigger the generate-envvar-assets action:
Once you have generated the environment variable assets and have stored them securely, you can proceed to deploy them to the remote host by triggering the deploy-envvar-assets action:
