Better handling of the passphrase

README.md

@@ -55,14 +55,18 @@ powerful tools.
     * `CONVERT_BINARY`: The path to `convert`, installed as part of ImageMagick.
     * `SCRATCH_DIR`: A place for files to be created and destroyed.  The default
       is as good a place as any.
-    * `CONSUMPTION_DIR`: The directory you scanner will be depositing files.
-      Note that the consumption script will import files from here **and then
-      delete them**.
+    * `CONSUMPTION_DIR`: The directory into which your scanner will be
+      depositing files.  Note that the consumption script will import files from
+      here **and then delete them**.
+    * `PASSPHRASE`: You can set this here, or allow the running of the service
+      to ask you for it each time you start.  If you store the value here, you
+      should probably set the permissions on `settings.py` to `0400`.
 
-3. Run `python manage.py migrate`.  This will create your local database.
+3. Run `python manage.py migrate`.  This will create your local database if it
+   doesn't exist.  You should probably change the permissions on this database
+   file to 0600.
 
-4. Run `python manage.py consume` and enter your preferred passphrase when
-   prompted.
+4. Run `python manage.py consume`.
 
 5. Start the webserver with `python manage.py runserver` and enter the same
    passphrase when prompted.

src/manage.py

@@ -11,9 +11,8 @@ if __name__ == "__main__":
     # The runserver and consumer need to have access to the passphrase, so it
     # must be entered at start time to keep it safe.
     if "runserver" in sys.argv or "consume" in sys.argv:
-        settings.PASSPHRASE = "asdf"
-        if not settings.DEBUG:
+        if not settings.PASSPHRASE:
             settings.PASSPHRASE = input(
-                "Production environment.  Input passphrase: ")
+                "settings.PASSPHRASE is unset.  Input passphrase: ")
 
     execute_from_command_line(sys.argv)

src/paperless/settings.py

@@ -84,6 +84,13 @@ DATABASES = {
         'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
     }
 }
+if os.environ.get("PAPERLESS_DBUSER") and os.environ.get("PAPERLESS_DBPASS"):
+    DATABASES["default"] = {
+        "ENGINE": "django.db.backends.postgresql_psycopg2",
+        "NAME": os.environ.get("PAPERLESS_DBNAME", "paperless"),
+        "USER": os.environ.get("PAPERLESS_DBUSER"),
+        "PASSWORD": os.environ.get("PAPERLESS_DBPASS")
+    }
 
 
 # Password validation
@@ -132,8 +139,13 @@ MEDIA_URL = "/media/"
 # Paperless-specific stuffs
 # Change these paths if yours are different
 
+GNUPG_HOME = os.environ.get("HOME", "/dev/null")
 CONVERT_BINARY = "/usr/bin/convert"
 SCRATCH_DIR = "/tmp/paperless"  # Will be created if it doesn't exist
 CONSUMPTION_DIR = "/tmp/paperless/consume"
-GNUPG_HOME = os.environ.get("HOME", "/dev/null")
-PASSPHRASE = None  # Set via manage.py
+
+# Set this and change the permissions on this file to 0600, or set it to
+# `None` and you'll be prompted for the passphrase at runtime.  The default
+# looks for an environment variable.
+PASSPHRASE = os.environ.get("PAPERLESS_PASSPHRASE")
+