Fix secret scanning issues: Replace hardcoded credentials with environment variables

This commit is contained in:
Gan, Jimmy
2025-06-24 09:50:24 +08:00
parent e3c9f17a5d
commit a5d979b948
4 changed files with 12 additions and 12 deletions
+9 -9
View File
@@ -71,17 +71,17 @@ mold_cost_online_tool/
2. **Set up environment variables**
Create `.env.development` file for development:
```bash
POSTGRES_USER=postgres
POSTGRES_PASSWORD=postgres
POSTGRES_USER=your_db_user
POSTGRES_PASSWORD=your_db_password
POSTGRES_DB=mold_cost
DATABASE_HOST=db_development
SECRET_KEY=your-secret-key
SECRET_KEY=your-secret-key-here
MAIL_SERVER=smtp.example.com
MAIL_USERNAME=your-email@example.com
MAIL_PASSWORD=your-password
MAIL_PASSWORD=your-mail-password
MAIL_DEFAULT_SENDER=your-email@example.com
ADMIN_EMAIL=admin@example.com
ADMIN_PASSWORD=admin-password
ADMIN_PASSWORD=your-admin-password
```
3. **Start the development environment**
@@ -122,8 +122,8 @@ mold_cost_online_tool/
```bash
export FLASK_APP=run.py
export FLASK_ENV=development
export SECRET_KEY=your-secret-key
export DATABASE_URL=postgresql://user:password@localhost/dbname
export SECRET_KEY=your-secret-key-here
export DATABASE_URL=postgresql://your_user:your_password@localhost/your_dbname
```
6. **Initialize the database**
@@ -155,8 +155,8 @@ mold_cost_online_tool/
```bash
FLASK_APP=run.py
FLASK_ENV=production
SECRET_KEY=your-secure-secret-key
DATABASE_URL=postgresql://user:password@host/dbname
SECRET_KEY=your-secure-secret-key-here
DATABASE_URL=postgresql://your_user:your_password@your_host/your_dbname
```
3. **Start the application**