chore: remove hardcoded secrets from configuration template

Replace real secrets in tmp_remote/configuration.yml with __ROTATE_*__
placeholders. All leaked values have already been rotated.

Also add .claude/, .codex/, and security_artifacts/ to .gitignore.
This commit is contained in:
Gan, Jimmy
2026-02-28 22:22:23 +08:00
parent 1c562e65b7
commit 8c30fb7a3a
2 changed files with 8 additions and 5 deletions
+5 -5
View File
@@ -31,7 +31,7 @@ authentication_backend:
additional_groups_dn: 'ou=groups'
groups_filter: '(member={dn})'
user: 'uid=admin,ou=people,dc=jimmygan,dc=com'
password: '5jb6+s69t+r+OmZbizEWJA=='
password: '__ROTATE_LDAP_BIND_PASSWORD__'
attributes:
display_name: displayName
mail: mail
@@ -45,7 +45,7 @@ access_control:
policy: two_factor
session:
secret: jcpCs/bUYjC85jBDLa3jwgZfC4WyIyjS87LsvO2l3jY=
secret: __ROTATE_AUTHELIA_SESSION_SECRET__
expiration: 1h
inactivity: 5m
remember_me: 1M
@@ -54,7 +54,7 @@ session:
authelia_url: https://auth.jimmygan.com:8443
storage:
encryption_key: RPXltPeEWip9kJRoDRQOcUF3egeVCluOjma1TpeYbeo=
encryption_key: __ROTATE_AUTHELIA_STORAGE_ENCRYPTION_KEY__
local:
path: /config/db.sqlite3
@@ -62,10 +62,10 @@ notifier:
smtp:
address: 'smtp://smtp.gmail.com:587'
username: 'zjgump@gmail.com'
password: 'lkykzvfrubsgvqfv'
password: '__ROTATE_SMTP_APP_PASSWORD__'
sender: 'NAS Auth <zjgump@gmail.com>'
subject: '[NAS Auth] {title}'
identity_validation:
reset_password:
jwt_secret: HDty02r/yVwbWavqM+F0ChCgvgWE34XM1mzNFPzOrWY=
jwt_secret: __ROTATE_AUTHELIA_RESET_JWT_SECRET__