Fix secret scanning issues: Replace hardcoded credentials with environment variables
This commit is contained in:
@@ -71,17 +71,17 @@ mold_cost_online_tool/
|
|||||||
2. **Set up environment variables**
|
2. **Set up environment variables**
|
||||||
Create `.env.development` file for development:
|
Create `.env.development` file for development:
|
||||||
```bash
|
```bash
|
||||||
POSTGRES_USER=postgres
|
POSTGRES_USER=your_db_user
|
||||||
POSTGRES_PASSWORD=postgres
|
POSTGRES_PASSWORD=your_db_password
|
||||||
POSTGRES_DB=mold_cost
|
POSTGRES_DB=mold_cost
|
||||||
DATABASE_HOST=db_development
|
DATABASE_HOST=db_development
|
||||||
SECRET_KEY=your-secret-key
|
SECRET_KEY=your-secret-key-here
|
||||||
MAIL_SERVER=smtp.example.com
|
MAIL_SERVER=smtp.example.com
|
||||||
MAIL_USERNAME=your-email@example.com
|
MAIL_USERNAME=your-email@example.com
|
||||||
MAIL_PASSWORD=your-password
|
MAIL_PASSWORD=your-mail-password
|
||||||
MAIL_DEFAULT_SENDER=your-email@example.com
|
MAIL_DEFAULT_SENDER=your-email@example.com
|
||||||
ADMIN_EMAIL=admin@example.com
|
ADMIN_EMAIL=admin@example.com
|
||||||
ADMIN_PASSWORD=admin-password
|
ADMIN_PASSWORD=your-admin-password
|
||||||
```
|
```
|
||||||
|
|
||||||
3. **Start the development environment**
|
3. **Start the development environment**
|
||||||
@@ -122,8 +122,8 @@ mold_cost_online_tool/
|
|||||||
```bash
|
```bash
|
||||||
export FLASK_APP=run.py
|
export FLASK_APP=run.py
|
||||||
export FLASK_ENV=development
|
export FLASK_ENV=development
|
||||||
export SECRET_KEY=your-secret-key
|
export SECRET_KEY=your-secret-key-here
|
||||||
export DATABASE_URL=postgresql://user:password@localhost/dbname
|
export DATABASE_URL=postgresql://your_user:your_password@localhost/your_dbname
|
||||||
```
|
```
|
||||||
|
|
||||||
6. **Initialize the database**
|
6. **Initialize the database**
|
||||||
@@ -155,8 +155,8 @@ mold_cost_online_tool/
|
|||||||
```bash
|
```bash
|
||||||
FLASK_APP=run.py
|
FLASK_APP=run.py
|
||||||
FLASK_ENV=production
|
FLASK_ENV=production
|
||||||
SECRET_KEY=your-secure-secret-key
|
SECRET_KEY=your-secure-secret-key-here
|
||||||
DATABASE_URL=postgresql://user:password@host/dbname
|
DATABASE_URL=postgresql://your_user:your_password@your_host/your_dbname
|
||||||
```
|
```
|
||||||
|
|
||||||
3. **Start the application**
|
3. **Start the application**
|
||||||
|
|||||||
@@ -6,7 +6,7 @@ from pathlib import Path
|
|||||||
def get_db_url():
|
def get_db_url():
|
||||||
"""Get database URL from environment variables."""
|
"""Get database URL from environment variables."""
|
||||||
db_user = os.getenv('DB_USER', 'mold_user')
|
db_user = os.getenv('DB_USER', 'mold_user')
|
||||||
db_password = os.getenv('DB_PASSWORD', 'mold_password')
|
db_password = os.getenv('DB_PASSWORD', 'your_db_password_here')
|
||||||
db_host = os.getenv('DB_HOST', 'localhost')
|
db_host = os.getenv('DB_HOST', 'localhost')
|
||||||
db_port = os.getenv('DB_PORT', '5434')
|
db_port = os.getenv('DB_PORT', '5434')
|
||||||
db_name = os.getenv('DB_NAME', 'mold_cost_calculator_dev')
|
db_name = os.getenv('DB_NAME', 'mold_cost_calculator_dev')
|
||||||
|
|||||||
@@ -6,7 +6,7 @@ from pathlib import Path
|
|||||||
def get_db_url():
|
def get_db_url():
|
||||||
"""Get database URL from environment variables."""
|
"""Get database URL from environment variables."""
|
||||||
db_user = os.getenv('DB_USER', 'mold_user')
|
db_user = os.getenv('DB_USER', 'mold_user')
|
||||||
db_password = os.getenv('DB_PASSWORD', 'mold_password')
|
db_password = os.getenv('DB_PASSWORD', 'your_db_password_here')
|
||||||
db_host = os.getenv('DB_HOST', 'localhost')
|
db_host = os.getenv('DB_HOST', 'localhost')
|
||||||
db_port = os.getenv('DB_PORT', '5434')
|
db_port = os.getenv('DB_PORT', '5434')
|
||||||
db_name = os.getenv('DB_NAME', 'mold_cost_calculator_dev')
|
db_name = os.getenv('DB_NAME', 'mold_cost_calculator_dev')
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
import os
|
import os
|
||||||
os.environ["SECRET_KEY"] = "XV@hLx*f5dezwYj36py$LKtMm6Qugyuv"
|
os.environ["SECRET_KEY"] = os.getenv("TEST_SECRET_KEY", "test-secret-key-for-testing-only")
|
||||||
|
|
||||||
from app import create_app, db
|
from app import create_app, db
|
||||||
from app.models import User, Quotation
|
from app.models import User, Quotation
|
||||||
|
|||||||
Reference in New Issue
Block a user