Fix secret scanning issues: Replace hardcoded credentials with environment variables
This commit is contained in:
@@ -71,17 +71,17 @@ mold_cost_online_tool/
|
||||
2. **Set up environment variables**
|
||||
Create `.env.development` file for development:
|
||||
```bash
|
||||
POSTGRES_USER=postgres
|
||||
POSTGRES_PASSWORD=postgres
|
||||
POSTGRES_USER=your_db_user
|
||||
POSTGRES_PASSWORD=your_db_password
|
||||
POSTGRES_DB=mold_cost
|
||||
DATABASE_HOST=db_development
|
||||
SECRET_KEY=your-secret-key
|
||||
SECRET_KEY=your-secret-key-here
|
||||
MAIL_SERVER=smtp.example.com
|
||||
MAIL_USERNAME=your-email@example.com
|
||||
MAIL_PASSWORD=your-password
|
||||
MAIL_PASSWORD=your-mail-password
|
||||
MAIL_DEFAULT_SENDER=your-email@example.com
|
||||
ADMIN_EMAIL=admin@example.com
|
||||
ADMIN_PASSWORD=admin-password
|
||||
ADMIN_PASSWORD=your-admin-password
|
||||
```
|
||||
|
||||
3. **Start the development environment**
|
||||
@@ -122,8 +122,8 @@ mold_cost_online_tool/
|
||||
```bash
|
||||
export FLASK_APP=run.py
|
||||
export FLASK_ENV=development
|
||||
export SECRET_KEY=your-secret-key
|
||||
export DATABASE_URL=postgresql://user:password@localhost/dbname
|
||||
export SECRET_KEY=your-secret-key-here
|
||||
export DATABASE_URL=postgresql://your_user:your_password@localhost/your_dbname
|
||||
```
|
||||
|
||||
6. **Initialize the database**
|
||||
@@ -155,8 +155,8 @@ mold_cost_online_tool/
|
||||
```bash
|
||||
FLASK_APP=run.py
|
||||
FLASK_ENV=production
|
||||
SECRET_KEY=your-secure-secret-key
|
||||
DATABASE_URL=postgresql://user:password@host/dbname
|
||||
SECRET_KEY=your-secure-secret-key-here
|
||||
DATABASE_URL=postgresql://your_user:your_password@your_host/your_dbname
|
||||
```
|
||||
|
||||
3. **Start the application**
|
||||
|
||||
@@ -6,7 +6,7 @@ from pathlib import Path
|
||||
def get_db_url():
|
||||
"""Get database URL from environment variables."""
|
||||
db_user = os.getenv('DB_USER', 'mold_user')
|
||||
db_password = os.getenv('DB_PASSWORD', 'mold_password')
|
||||
db_password = os.getenv('DB_PASSWORD', 'your_db_password_here')
|
||||
db_host = os.getenv('DB_HOST', 'localhost')
|
||||
db_port = os.getenv('DB_PORT', '5434')
|
||||
db_name = os.getenv('DB_NAME', 'mold_cost_calculator_dev')
|
||||
|
||||
@@ -6,7 +6,7 @@ from pathlib import Path
|
||||
def get_db_url():
|
||||
"""Get database URL from environment variables."""
|
||||
db_user = os.getenv('DB_USER', 'mold_user')
|
||||
db_password = os.getenv('DB_PASSWORD', 'mold_password')
|
||||
db_password = os.getenv('DB_PASSWORD', 'your_db_password_here')
|
||||
db_host = os.getenv('DB_HOST', 'localhost')
|
||||
db_port = os.getenv('DB_PORT', '5434')
|
||||
db_name = os.getenv('DB_NAME', 'mold_cost_calculator_dev')
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import os
|
||||
os.environ["SECRET_KEY"] = "XV@hLx*f5dezwYj36py$LKtMm6Qugyuv"
|
||||
os.environ["SECRET_KEY"] = os.getenv("TEST_SECRET_KEY", "test-secret-key-for-testing-only")
|
||||
|
||||
from app import create_app, db
|
||||
from app.models import User, Quotation
|
||||
|
||||
Reference in New Issue
Block a user