GITBOOK-494: change request with no subject merged in GitBook

Author: Leo Weese

docs/lnd/wallet.md

@@ -1,104 +1,92 @@
-# Wallet management
+# Wallet Management
 
-The wallet in the context of `lnd` is a database file (located in the data
-directory, for example `~/.lnd/data/chain/bitcoin/mainnet/wallet.db` on Linux)
-that contains all addresses and private keys for the on-chain **and** off-chain
-(LN) funds.
+The wallet in the context of `lnd` is a database file (located in the data directory, for example `~/.lnd/data/chain/bitcoin/mainnet/wallet.db` on Linux) that contains all addresses and private keys for the on-chain **and** off-chain (LN) funds.
 
-The wallet is independent of the chain backend that is used (`bitcoind`, `btcd`
-or `neutrino`) and must therefore be created as the first step after starting
-up a fresh `lnd` node.
+The wallet is independent of the chain backend that is used (`bitcoind`, `btcd` or `neutrino`) and must therefore be created as the first step after starting up a fresh `lnd` node.
 
-To protect the sensitive content of the wallet, the database is encrypted with
-a password chosen by the user when creating the wallet (simply called "wallet
-password"). `lnd` will not store that password anywhere by itself (as that would
-defeat the purpose of the password) so every time `lnd` is restarted, its wallet
-needs to be unlocked with that password. This can either be done [manually
-through the command line](#unlocking-a-wallet) or (starting with `lnd` version
-`v0.13.0-beta`) [automatically from a file](#auto-unlocking-a-wallet).
+To protect the sensitive content of the wallet, the database is encrypted with a password chosen by the user when creating the wallet (simply called "wallet password"). `lnd` will not store that password anywhere by itself (as that would defeat the purpose of the password) so every time `lnd` is restarted, its wallet needs to be unlocked with that password. This can either be done [manually through the command line](wallet.md#unlocking-a-wallet) or (starting with `lnd` version `v0.13.0-beta`) [automatically from a file](wallet.md#auto-unlocking-a-wallet).
 
 ## Creating a wallet
 
 If `lnd` is being run for the first time, create a new wallet with:
+
 ```shell
 $   lncli create
 ```
-This will prompt for a wallet password, and optionally a cipher seed
-passphrase.
 
-`lnd` will then print a 24 word cipher seed mnemonic, which can be used to
-recover the wallet in case of data loss. The user should write this down and
-keep in a safe place.
+This will prompt for a wallet password, and optionally a cipher seed passphrase.
+
+`lnd` will then print a 24 word cipher seed mnemonic.
 
-In case a node needs to be recovered from an existing seed, this can also be
-done through the `create` command. Please refer to the
-[recovery guide](recovery.md) for more information about recovering a node.
+{% hint style="warning" %}
+Write down your 24 word cipher seed mnemonic, ideally by hand with pencil on paper. Keep the seed in a safe place.
+{% endhint %}
+
+In case a node needs to be recovered from an existing seed, this can also be done through the `create` command. Please refer to the [recovery guide](recovery.md) for more information about recovering a node.
 
 ## Unlocking a wallet
 
-Every time `lnd` starts up fresh (e.g. after a system restart or a version
-upgrade) the user-chosen wallet password needs to be entered to unlock (decrypt)
-the wallet database.
+Every time `lnd` starts up fresh (e.g. after a system restart or a version upgrade) the user-chosen wallet password needs to be entered to unlock (decrypt) the wallet database.
 
 This will be indicated in `lnd`'s log with a message like this:
 
-```text
+```
 2021-05-06 11:36:11.445 [INF] LTND: Waiting for wallet encryption password. Use `lncli create` to create a wallet, `lncli unlock` to unlock an existing wallet, or `lncli changepassword` to change the password of an existing wallet and unlock it.
 ```
 
 Unlocking the password manually is as simple as running the command
+
 ```shell
 $   lncli unlock
 ```
+
 and then typing the wallet password.
 
 ## Auto-unlocking a wallet
 
-In some situations (for example automated, cluster based setups) it can be
-impractical to manually unlock the wallet every time `lnd` is restarted.
+In some situations (for example automated, cluster based setups) it can be impractical to manually unlock the wallet every time `lnd` is restarted.
 
-In `lnd` version `v0.13.0-beta` and later there is a configuration option to
-tell the wallet to auto-unlock itself by reading the password from a file. This
-can only be activated _after_ the wallet was created manually.
+There is a configuration option to tell the wallet to auto-unlock itself by reading the password from a file. This can only be activated _after_ the wallet was created manually.
 
 ### Very basic example (not very secure)
 
-This example only tries to give a basic, minimal example on how to use the
-auto-unlock feature. Storing a password in a file on the same disk as the wallet
-database is not in itself more secure than leaving the database unencrypted in
-the first place. This example might be useful in a containerized environment
-though where the secrets are mounted to a file anyway.
-
-- Start `lnd` without the flag:
-  ```shell
-  $   lnd --bitcoin.active --bitcoin.xxxx .....
-  ```
-- Create the wallet and write down the seed in a safe place:
-  ```shell
-  $   lncli create
-  ```
-- Stop `lnd` again:
-  ```shell
-  $   lncli stop
-  ```
-- Write the password to a file:
-  ```shell
-  $   echo 'my-$up3r-Secret-Passw0rd' > /some/safe/location/password.txt
-  ```
-- Make sure the password file can only be read by our user:
-  ```shell
-  $   chmod 0400 /some/safe/location/password.txt
-  ```
-- Start `lnd` with the auto-unlock flag:
-  ```shell
-  $   lnd --bitcoin.active --bitcoin.xxxx ..... \
-         --wallet-unlock-password-file=/some/safe/location/password.txt
-  ```
-
-As with every command line flag, the `wallet-unlock-password-file` option can
-also be added to `lnd`'s configuration file, for example:
-
-```text
+This example only tries to give a basic, minimal example on how to use the auto-unlock feature. Storing a password in a file on the same disk as the wallet database is not in itself more secure than leaving the database unencrypted in the first place. This example might be useful in a containerized environment though where the secrets are mounted to a file anyway.
+
+*   Start `lnd` without the flag:
+
+    ```shell
+    $   lnd --bitcoin.active --bitcoin.xxxx .....
+    ```
+*   Create the wallet and write down the seed in a safe place:
+
+    ```shell
+    $   lncli create
+    ```
+*   Stop `lnd` again:
+
+    ```shell
+    $   lncli stop
+    ```
+*   Write the password to a file:
+
+    ```shell
+    $   echo 'my-$up3r-Secret-Passw0rd' > /some/safe/location/password.txt
+    ```
+*   Make sure the password file can only be read by our user:
+
+    ```shell
+    $   chmod 0400 /some/safe/location/password.txt
+    ```
+*   Start `lnd` with the auto-unlock flag:
+
+    ```shell
+    $   lnd --bitcoin.active --bitcoin.xxxx ..... \
+           --wallet-unlock-password-file=/some/safe/location/password.txt
+    ```
+
+As with every command line flag, the `wallet-unlock-password-file` option can also be added to `lnd`'s configuration file, for example:
+
+```
 [Application Options]
 debuglevel=debug
 wallet-unlock-password-file=/some/safe/location/password.txt
@@ -110,82 +98,76 @@ bitcoin.active=1
 
 ### More secure example with password manager and using a named pipe
 
-This example is a bit more involved and requires the use of a password manager
-of some sort. It will also only work on Unix like file systems that support
-named pipes.
-
-We will use the password manager [`pass`](https://www.passwordstore.org/) as an
-example here, but it should work similarly with other password managers.
-
-- Start `lnd` without the flag:
-  ```shell
-  $   lnd --bitcoin.active --bitcoin.xxxx .....
-  ```
-- Create the wallet and write down the seed in a safe place:
-  ```shell
-  $   lncli create
-  ```
-- Stop `lnd` again:
-  ```shell
-  $   lncli stop
-  ```
-- Store the password in `pass`:
-  ```shell
-  $   pass insert lnd/my-wallet-password
-  ```
-- Create a startup script for starting `lnd`, for example `run-lnd.sh`:
-  ```shell
-  #!/bin/bash
-
-  # Create a named pipe. As the name suggests, this is a FIFO (first in first
-  # out) pipe. Everything sent in can be read out again without the content
-  # actually being written to a disk.
-  mkfifo /tmp/wallet-password-pipe
-  
-  # Read the password from the manager and attempt to write it to the pipe. Any
-  # write to a pipe will only be accepted once there is a process that reads
-  # from the pipe at the same time. That's why we need to run this process in
-  # the background (the ampersand & at the end) because it would block our
-  # script from continuing otherwise.
-  pass lnd/my-wallet-password > /tmp/wallet-password-pipe &
-  
-  # Now we can start lnd.
-  lnd --bitcoin.active --bitcoin.xxxx ..... \
-    --wallet-unlock-password-file=/tmp/wallet-password-pipe
-  ```
-- Run the startup script instead of running `lnd` directly.
-  ```shell
-  $   ./run-lnd.sh
-  ```
+This example is a bit more involved and requires the use of a password manager of some sort. It will also only work on Unix like file systems that support named pipes.
+
+We will use the password manager [`pass`](https://www.passwordstore.org/) as an example here, but it should work similarly with other password managers.
+
+*   Start `lnd` without the flag:
+
+    ```shell
+    $   lnd --bitcoin.active --bitcoin.xxxx .....
+    ```
+*   Create the wallet and write down the seed in a safe place:
+
+    ```shell
+    $   lncli create
+    ```
+*   Stop `lnd` again:
+
+    ```shell
+    $   lncli stop
+    ```
+*   Store the password in `pass`:
+
+    ```shell
+    $   pass insert lnd/my-wallet-password
+    ```
+*   Create a startup script for starting `lnd`, for example `run-lnd.sh`:
+
+    ```shell
+    #!/bin/bash
+
+    # Create a named pipe. As the name suggests, this is a FIFO (first in first
+    # out) pipe. Everything sent in can be read out again without the content
+    # actually being written to a disk.
+    mkfifo /tmp/wallet-password-pipe
+
+    # Read the password from the manager and attempt to write it to the pipe. Any
+    # write to a pipe will only be accepted once there is a process that reads
+    # from the pipe at the same time. That's why we need to run this process in
+    # the background (the ampersand & at the end) because it would block our
+    # script from continuing otherwise.
+    pass lnd/my-wallet-password > /tmp/wallet-password-pipe &
+
+    # Now we can start lnd.
+    lnd --bitcoin.active --bitcoin.xxxx ..... \
+      --wallet-unlock-password-file=/tmp/wallet-password-pipe
+    ```
+*   Run the startup script instead of running `lnd` directly.
+
+    ```shell
+    $   ./run-lnd.sh
+    ```
 
 ## Changing the password
 
-Changing the wallet password is possible but only while the wallet is locked.
-So after restarting `lnd`, instead of using the `unlock` command, the
-`changepassword` command can be used:
+Changing the wallet password is possible but only while the wallet is locked. So after restarting `lnd`, instead of using the `unlock` command, the `changepassword` command can be used:
 
 ```shell
 $   lncli changepassword
 ```
 
-This will ask for the old/existing password and a new one. If successful, the
-database is re-encrypted with the new password and then the wallet is also
-unlocked in the process.
+This will ask for the old/existing password and a new one. If successful, the database is re-encrypted with the new password and then the wallet is also unlocked in the process.
 
-## DO NOT USE --noseedbackup on mainnet
+{% hint style="danger" %}
+## DO NOT USE `--noseedbackup` on mainnet
+{% endhint %}
 
-There is a way to get rid of the need to unlock the wallet password: The
-`--noseedbackup` flag.
+There is a way to get rid of the need to unlock the wallet password: The `--noseedbackup` flag.
 
 Using that flag with **real funds (mainnet) is extremely risky for two reasons**:
-1. On first startup a wallet is created automatically. The seed phrase (the 24
-   words needed to restore a wallet) is never shown to the user. Therefore, if
-   the worst thing happens and the hard disk crashes or the wallet file is
-   deleted by accident, **THERE IS NO WAY OF GETTING THE FUNDS BACK**.
-2. In addition to the seed not being known to the user, the wallet database is
-   also not protected. A well-known default password is chosen for the
-   encryption. Any user (or malware) with access to the wallet database can
-   steal the funds if they copy the file.
-
-The `--noseedbackup` flag should only ever be used in a test setup, for example
-on Bitcoin testnet, regtest or simnet.
+
+1. On first startup a wallet is created automatically. The seed phrase (the 24 words needed to restore a wallet) is never shown to the user. Therefore, if the worst thing happens and the hard disk crashes or the wallet file is deleted by accident, **THERE IS NO WAY OF GETTING THE FUNDS BACK**.
+2. In addition to the seed not being known to the user, the wallet database is also not protected. A well-known default password is chosen for the encryption. Any user (or malware) with access to the wallet database can steal the funds if they copy the file.
+
+The `--noseedbackup` flag should only ever be used in a test setup, for example on Bitcoin testnet, regtest or simnet.