Updated README.md

README.md

@@ -1,20 +1,23 @@
 # Readme
 Create Pleroma App is a simple python3 script to generate OAuth tokens for your Pleroma account.
 
-By default it will output your credentials as valid python code, but you can disable this with the --plain switch.
+This will output the following credentials as shell variable:
+```
+API_BASE_URL=string
+CLIENT_ID=string
+CLIENT_SECRET=string
+API_BASE_URL=string
+```
 
 ## Installing
-To setup the python3 environment (for Arch Linux) run the following commands:
+To setup the python3 environment run the following commands:
 
 ```
-sudo pacman -Syu
-sudo pacman -S --needed python git
 git clone 'https://git.yandere.cc/Anon/CreatePleromaApp.git'
 cd CreatePleromaApp/
 python -m venv venv
-source venv/bin/activate
 pip install --upgrade pip
-pip install -r requirements.txt
+pip install Mastodon.py
 deactivate
 ./run.sh -h
 ```
@@ -24,17 +27,43 @@ If everything worked correctly you should see usage information on Create Plerom
 ## Default Settings
 If you want to change the default values for the input prompts, you can edit the source code directly in `src/create_app.py`
 
-## Encryption
-You can also encrypt your credentials with the encryption.py module included in the repo. If you choose to use this with your custom bot, you must copy the encryption.py module to your project's root source directory.
-
-See below for an example implementation:
-
+## Generating Your OAuth Tokens
+To generate your tokens, run the following commands and follow the interactive prompts:
 ```
-def decrypt_settings(self):
-	if self.settings_encrypt["encrypt"] and not self.decrypted:
-		import encryption
-		self.settings_server = encryption.settings_server_decrypt(self.settings_server, self.settings_encrypt, keyfile_path)
-	self.decrypted = True
+touch cred.sh
+chmod 600 cred.sh
+cd ..
+git clone 'https://git.yandere.cc/Anon/CreatePleromaApp.git'
+cd CreatePleromaApp/
+./run.sh > ../FediStatusPoster/cred.sh
+# Follow the interactive prompts
+```
+
+## Encrypting Your OAuth Tokens
+If you are going to be running a bot over a long period of time, consider encrypting your OAuth tokens with GPG encryption and a keyfile.
+
+REMINDER: Your keyfile should typically be stored on a seperate removable device that can be quickly disconnected. If your account is compromised, you should also revoke permissions in your Pleroma settings panel.
+```
+touch cred.sh.gpg
+touch cred.sh.key
+chmod 600 cred.sh.key cred.sh.gpg
+</dev/random tr -dc 'a-zA-Z0-9' | head -c4096 > cred.sh.key
+cd ..
+git clone 'https://git.yandere.cc/Anon/CreatePleromaApp.git'
+cd CreatePleromaApp/
+./run.sh | gpg -q -c --pinentry-mode loopback --passphrase-file ../FediStatusPoster/cred.sh.gpg -o ../FediStatusPoster/cred.sh.gpg -
+# Follow the interactive prompts
+```
+
+If you do not want to keep a keyfile, but still want encryption, modify the encryption step with the following:
+```
+./run.sh | gpg -q -c --pinentry-mode loopback -o ../FediStatusPoster/cred.sh.gpg -
+```
+
+Be sure to update `./run.sh` to point to your new paths:
+```
+DEFAULT_CREDENTIALS="cred.sh.gpg"
+DEFAULT_KEYFILE="cred.sh.key" or DEFAULT_KEYFILE="-" (if not using a keyfile)
 ```
 
 ## Donate