security: remove hardcoded secrets, add health endpoint, add security headers
This commit is contained in:
@@ -7,13 +7,12 @@ DOCKER_HOST = os.environ.get("DOCKER_HOST", "tcp://docker-socket-proxy:2375")
|
||||
VOLUME_ROOT = os.environ.get("VOLUME_ROOT", "/volume1")
|
||||
|
||||
# Auth
|
||||
SECRET_KEY = os.environ.get("SECRET_KEY", "c1a776b228421830e7c7df0887adc75f74bac65aaa1fc364be96861b1f8c8701")
|
||||
SECRET_KEY = os.environ.get("SECRET_KEY", "")
|
||||
ALGORITHM = "HS256"
|
||||
ACCESS_TOKEN_EXPIRE_MINUTES = 60 * 24 * 7 # 7 days
|
||||
ADMIN_USER = os.environ.get("ADMIN_USER", "admin")
|
||||
# Default hash for "admin" using pbkdf2_sha256 scheme to avoid bcrypt compat issues
|
||||
ADMIN_PASSWORD_HASH = os.environ.get("ADMIN_PASSWORD_HASH", "$pbkdf2-sha256$29000$25tTKoUQIgQghLC2ds4ZYw$H/fCb3H5wmOkwj6l6KrVlmns0TWfzKPOrG3sgVDR.eg")
|
||||
TOTP_SECRET = os.environ.get("TOTP_SECRET", "JBSWY3DPEHPK3PXP") # Base32 encoded secretans 2FA disabled by default
|
||||
ADMIN_PASSWORD_HASH = os.environ.get("ADMIN_PASSWORD_HASH", "")
|
||||
TOTP_SECRET = os.environ.get("TOTP_SECRET", "")
|
||||
|
||||
# SSH terminal
|
||||
SSH_HOST = os.environ.get("SSH_HOST", "host.docker.internal")
|
||||
@@ -27,3 +26,4 @@ VPS_SSH_KEY_PATH = os.environ.get("VPS_SSH_KEY_PATH", "/app/ssh/vps_id_ed25519")
|
||||
# Telegram notifications
|
||||
TELEGRAM_BOT_TOKEN = os.environ.get("TELEGRAM_BOT_TOKEN", "")
|
||||
TELEGRAM_CHAT_ID = os.environ.get("TELEGRAM_CHAT_ID", "")
|
||||
TELEGRAM_PROXY = os.environ.get("TELEGRAM_PROXY", "")
|
||||
|
||||
Reference in New Issue
Block a user