Preventing the leak of our Self Hosted RustDesk Keys and Server URLs #176
Hello there,
Thank you very much for the great work with this repo.
I was wondering if it would be possible to add more environmental variables to the compose.yml file or Github Secrets (not sure which one would be the correct one) in order to avoid making public our Self Hosted RustDesk Keys and Server URLs on the workflow logs.
For example, if you go to: https://github.com/bryangerlach/rdgen/actions you will see the workflow logs. If you click any of those and then click generate-bridge and view the logs, you will be able to see all the information coming from rdgen.
For example:
2026-01-08T01:31:52.8632609Z version: 1.4.4
2026-01-08T01:31:52.8633541Z server: rust.REDACTED.com
2026-01-08T01:31:52.8634781Z key: aCAOIREDACTEDRbwJQFyREDACTEDiCiREDACTEDQ7w0=
2026-01-08T01:31:52.8636185Z apiServer: https://rust.REDACTED.com
There are currently 21,312 logs on your repo with potentially the same amount of Self Hosted RustDesk Keys and URLs leaked.
Some people might not care having others using their Self Hosted RustDesk Servers but others might want to just use it privately.
So I think there should be a way to prevent this. Sadly, I'm not good with coding so I don't know how to do it myself.
If it's already possible to do something like that, please let me know how to do it.
If you don't have the time to implement something like this, if it's possible, maybe give me some initial guidance for me to try to do it.
I would really appreciate it.
Once again, thanks a lot for the great work!
Currently the logs only last for 1 day, anything older no longer shows the logs. The server, key, apiServer, etc. all have to be entered on the generator website. From there, they have to be sent to the github actions.
I suppose one solution might be to store all the information entered on the generator in a text file, then have it saved on the rdgen server, then send a download link to the github action. Then during the github action, it will first download the settings file. I would need to encrypt the file, and have a decryption key set as a github secret. This would prevent everybody from seeing the information except the person that inputted it and the owner of the rdgen server.
I guess I could also just encrypt the inputs before sending them to github, and decrypt them within the action. This is likely the best option. I honestly haven't spent much time thinking about this. This whole thing basically started as a proof of concept, I'm surprised that nobody else has made a better, more polished version.
Thanks for your quick response!
Yeah I was looking into trying to do everything locally without having to depend on Github Actions but so far no luck.
Your solution is by far the easiest because of how easy you can customize pretty much everything, including the icons, name, and advanced settings. It's funny because I think the main feature of all this is the RustDesk API but I still haven't even used it because I'm still trying to figure this out first.
So there's no way that the workflow Github Actions gets the server, key and apiServer, etc from a Github Secret?
I was reading this file trying to figure out how it works because I think that's the one that receives/processes the information from rdgen (?). I wanted to see if I could somehow use a Github secret from there but it is above my level.
I want to know where I can see your information.
Yes, they can use it. Want me to use yours so you can see?
In that photo you only need to copy where it says rd.jnet.my.id and use the Public Key below it that starts with "ty".
That's all you need to be able to use someone else's Self Hosted RustDesk Server.
If you can find it in my logs, you can try. There's no way I'm sending it here
That's different. You can always delete the logs. That's not the point.
The point is to prevent it from showing up on the logs at all.
You're right
I am working on a solution to this. I have a rough idea of what to do, it will just take some time to implement it. Hopefully I can find some free time in the next week or so.
I was able to convert the Server, Server Key and Server API into Secrets.
I just tested it and it works fine.
7cf00c1477
@bryangerlach @DarkLordGMS @857074609
That will only work with your own server, key, and api though. If you managed multiple servers this would not be a great solution. Also, any public rdgen servers (like mine) that are used by others would not work. I think the only real solution is to encrypt the variables before sending to github.
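The approach the maintainer describes in this thread (encrypt the inputs before sending them to GitHub, decrypt them inside the action with a key held as a GitHub secret), as an added example that is not rdgen's actual fix or code. It assumes the secret is exposed to the step as an environment variable named RDGEN_KEY; that name, `seal_inputs`, `open_inputs` and the KEY=VALUE layout are hypothetical, and all sample values are constructed.

```shell
# Added example, not rdgen's code. RDGEN_KEY, seal_inputs and open_inputs are
# hypothetical names; the field names come from the log excerpt in the issue.
# openssl enc gives confidentiality only (no integrity check on the ciphertext).

# Generator side: stdin = KEY=VALUE settings, stdout = one base64 line. Passed
# as a workflow input, it appears in the logs only as ciphertext.
seal_inputs() (
  openssl enc -aes-256-cbc -pbkdf2 -salt -pass env:RDGEN_KEY -a -A
)

# Action side: $1 = ciphertext, $2 = file that receives the KEY=VALUE lines
# (for example "$GITHUB_ENV"). Prints one ::add-mask:: workflow command per
# sensitive value so the runner redacts it if a later step echoes it.
open_inputs() (
  plain=$(printf '%s\n' "$1" |
    openssl enc -d -aes-256-cbc -pbkdf2 -pass env:RDGEN_KEY -a -A) || exit 1
  printf '%s\n' "$plain" | while IFS= read -r line; do
    case "$line" in
      server=?*|key=?*|apiServer=?*) printf '::add-mask::%s\n' "${line#*=}" ;;
    esac
  done
  printf '%s\n' "$plain" >> "$2"
)

# Constructed sample values, not a real server or key.
export RDGEN_KEY='constructed-demo-passphrase'
settings='version=1.4.4
server=rust.example.test
key=Q09OU1RSVUNURUQtS0VZ
apiServer=https://rust.example.test'

sealed=$(printf '%s\n' "$settings" | seal_inputs)   # what the generator sends
envfile=$(mktemp)                                   # stands in for $GITHUB_ENV
masks=$(open_inputs "$sealed" "$envfile")           # what the step prints
printf 'workflow input: %s\n%s\n' "$sealed" "$masks"
```

The mask commands have to be printed before any step that might echo the decrypted values, because the runner only redacts a value after it has seen the corresponding `::add-mask::` line.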
@bryangerlach Yeah, that would be an even better way to do it, just encrypt all the inputs, not just the Server, Key and API.
Maybe you could run the Actions in another private repository.
I made a fix for this that should prevent the leak of any sensitive data. Test out my newest version and let me know.
Sensitive information is no longer displayed
@bryangerlach Thank you very much. I tested it and almost all the inputs are gone.
Now the only thing that is shown is the GENURL.
Also, it looks like Issue #89 is back even with no spaces on the app name. But I should probably open a new issue for that.
Bro, when will you add support for Linux and macOS?