ClusterCockpit/cc-backend
1
0
Fork 0
mirror of https://github.com/ClusterCockpit/cc-backend synced 2026-06-18 01:17:29 +02:00
Code Issues Packages Releases Activity

feat(auth): replace .env/godotenv secret handling with config-based secrets

Browse Source 
Secrets (JWT keys, LDAP sync password, OIDC client id/secret, cross-login
keys) are now configured directly in config.json under the auth section
where they are used. Each secret can still be supplied via its existing
environment variable, which takes precedence over the config value.

The godotenv dependency, the .env file, configs/env-template.txt and the
loadEnvironment() bootstrap step are removed. -init now writes the demo
JWT keys into config.json instead of a .env file.

Closes #283

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: 3a7cb814c53f
This commit is contained in:
Jan Eitzinger
2026-06-17 12:28:17 +02:00
parent 07b9a57479
commit 83d04dff17
22 changed files with 151 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
init/README.md
View File

@@ -12,8 +12,8 @@ specified, the application will call
config file and binding to a TCP port (so it can take a privileged port), but
before it starts accepting any connections. This is good for security, but also
means that the `var/` directory must be readable and writeable by this user.
The `.env` and `config.json` files may contain secrets and should not be
readable by this user. If these files are changed, the server must be restarted.
The `config.json` file may contain secrets and should not be readable by this
user. If this file is changed, the server must be restarted.
```sh
# 1. Clone this repository somewhere in your home
@@ -25,11 +25,9 @@ make
sudo mkdir -p /opt/monitoring/cc-backend/
cp ./cc-backend /opt/monitoring/cc-backend/
# 3. Modify the `./config.json` and env-template.txt file from the configs directory to your liking and put it in the target directory
# 3. Modify the `./config.json` file from the configs directory to your liking and put it in the target directory
cp ./configs/config.json /opt/monitoring/config.json
cp ./configs/env-template.txt /opt/monitoring/.env
vim /opt/monitoring/config.json # do your thing...
vim /opt/monitoring/.env # do your thing...
vim /opt/monitoring/config.json # do your thing (including the secrets under "auth")...
# 4. (Optional) Customization: Add your versions of the login view, legal texts, and logo image.
# You may use the templates in `./web/templates` as blueprint. Every overwrite separate.