chore: remove hardcoded secrets from configuration template
Replace real secrets in tmp_remote/configuration.yml with __ROTATE_*__ placeholders. All leaked values have already been rotated. Also add .claude/, .codex/, and security_artifacts/ to .gitignore.
This commit is contained in:
@@ -5,3 +5,6 @@ dist/
|
||||
__pycache__/
|
||||
dashboard/nas-dashboard.tar
|
||||
dashboard/ssh/
|
||||
.claude/
|
||||
.codex/
|
||||
security_artifacts/
|
||||
|
||||
@@ -31,7 +31,7 @@ authentication_backend:
|
||||
additional_groups_dn: 'ou=groups'
|
||||
groups_filter: '(member={dn})'
|
||||
user: 'uid=admin,ou=people,dc=jimmygan,dc=com'
|
||||
password: '5jb6+s69t+r+OmZbizEWJA=='
|
||||
password: '__ROTATE_LDAP_BIND_PASSWORD__'
|
||||
attributes:
|
||||
display_name: displayName
|
||||
mail: mail
|
||||
@@ -45,7 +45,7 @@ access_control:
|
||||
policy: two_factor
|
||||
|
||||
session:
|
||||
secret: jcpCs/bUYjC85jBDLa3jwgZfC4WyIyjS87LsvO2l3jY=
|
||||
secret: __ROTATE_AUTHELIA_SESSION_SECRET__
|
||||
expiration: 1h
|
||||
inactivity: 5m
|
||||
remember_me: 1M
|
||||
@@ -54,7 +54,7 @@ session:
|
||||
authelia_url: https://auth.jimmygan.com:8443
|
||||
|
||||
storage:
|
||||
encryption_key: RPXltPeEWip9kJRoDRQOcUF3egeVCluOjma1TpeYbeo=
|
||||
encryption_key: __ROTATE_AUTHELIA_STORAGE_ENCRYPTION_KEY__
|
||||
local:
|
||||
path: /config/db.sqlite3
|
||||
|
||||
@@ -62,10 +62,10 @@ notifier:
|
||||
smtp:
|
||||
address: 'smtp://smtp.gmail.com:587'
|
||||
username: 'zjgump@gmail.com'
|
||||
password: 'lkykzvfrubsgvqfv'
|
||||
password: '__ROTATE_SMTP_APP_PASSWORD__'
|
||||
sender: 'NAS Auth <zjgump@gmail.com>'
|
||||
subject: '[NAS Auth] {title}'
|
||||
|
||||
identity_validation:
|
||||
reset_password:
|
||||
jwt_secret: HDty02r/yVwbWavqM+F0ChCgvgWE34XM1mzNFPzOrWY=
|
||||
jwt_secret: __ROTATE_AUTHELIA_RESET_JWT_SECRET__
|
||||
|
||||
Reference in New Issue
Block a user