diff --git a/docker/central-node-a/appsettings.Central.json b/docker/central-node-a/appsettings.Central.json index 66799ef1..b69d33a1 100644 --- a/docker/central-node-a/appsettings.Central.json +++ b/docker/central-node-a/appsettings.Central.json @@ -18,8 +18,7 @@ "MinNrOfMembers": 1 }, "Database": { - "ConfigurationDb": "Server=scadabridge-mssql,1433;Database=ScadaBridgeConfig;User Id=scadabridge_app;Password=ScadaBridge_Dev1#;TrustServerCertificate=true", - "MachineDataDb": "Server=scadabridge-mssql,1433;Database=ScadaBridgeMachineData;User Id=scadabridge_app;Password=ScadaBridge_Dev1#;TrustServerCertificate=true" + "_comment": "ConfigurationDb/MachineDataDb (which carry the dev SQL password) are supplied as ScadaBridge__Database__* whole-key env overrides in docker/docker-compose.yml (dev-only-insecure, mirroring the ApiKeyPepper convention). The same dev password already ships committed for the sibling scadabridge-mssql container (infra/docker-compose.yml MSSQL_SA_PASSWORD) — this is consolidation, not new exposure. Env overrides layer over JSON before the ${secret:} expander runs, so the dev cluster boots with no KEK/secret store. Real/prod config uses ${secret:} tokens in src/.../appsettings.Central.json (T4)." }, "Security": { "Ldap": { @@ -29,13 +28,13 @@ "AllowInsecure": true, "SearchBase": "dc=zb,dc=local", "ServiceAccountDn": "cn=serviceaccount,dc=zb,dc=local", - "ServiceAccountPassword": "serviceaccount123" + "_comment_ServiceAccountPassword": "Supplied as ScadaBridge__Security__Ldap__ServiceAccountPassword env override in docker-compose.yml (dev-only-insecure)." }, "Auth": { "DisableLogin": false, "User": "multi-role" }, - "JwtSigningKey": "scadabridge-dev-jwt-signing-key-must-be-at-least-32-characters-long", + "_comment_JwtSigningKey": "Supplied as ScadaBridge__Security__JwtSigningKey env override in docker-compose.yml (dev-only-insecure).", "JwtExpiryMinutes": 15, "IdleTimeoutMinutes": 30, "RequireHttpsCookie": false, diff --git a/docker/central-node-b/appsettings.Central.json b/docker/central-node-b/appsettings.Central.json index 95c4aa9d..6d52113a 100644 --- a/docker/central-node-b/appsettings.Central.json +++ b/docker/central-node-b/appsettings.Central.json @@ -18,8 +18,7 @@ "MinNrOfMembers": 1 }, "Database": { - "ConfigurationDb": "Server=scadabridge-mssql,1433;Database=ScadaBridgeConfig;User Id=scadabridge_app;Password=ScadaBridge_Dev1#;TrustServerCertificate=true", - "MachineDataDb": "Server=scadabridge-mssql,1433;Database=ScadaBridgeMachineData;User Id=scadabridge_app;Password=ScadaBridge_Dev1#;TrustServerCertificate=true" + "_comment": "ConfigurationDb/MachineDataDb (which carry the dev SQL password) are supplied as ScadaBridge__Database__* whole-key env overrides in docker/docker-compose.yml (dev-only-insecure, mirroring the ApiKeyPepper convention). The same dev password already ships committed for the sibling scadabridge-mssql container (infra/docker-compose.yml MSSQL_SA_PASSWORD) — this is consolidation, not new exposure. Env overrides layer over JSON before the ${secret:} expander runs, so the dev cluster boots with no KEK/secret store. Real/prod config uses ${secret:} tokens in src/.../appsettings.Central.json (T4)." }, "Security": { "Ldap": { @@ -29,13 +28,13 @@ "AllowInsecure": true, "SearchBase": "dc=zb,dc=local", "ServiceAccountDn": "cn=serviceaccount,dc=zb,dc=local", - "ServiceAccountPassword": "serviceaccount123" + "_comment_ServiceAccountPassword": "Supplied as ScadaBridge__Security__Ldap__ServiceAccountPassword env override in docker-compose.yml (dev-only-insecure)." }, "Auth": { "DisableLogin": false, "User": "multi-role" }, - "JwtSigningKey": "scadabridge-dev-jwt-signing-key-must-be-at-least-32-characters-long", + "_comment_JwtSigningKey": "Supplied as ScadaBridge__Security__JwtSigningKey env override in docker-compose.yml (dev-only-insecure).", "JwtExpiryMinutes": 15, "IdleTimeoutMinutes": 30, "RequireHttpsCookie": false, diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 7d3024be..79dd6d95 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -16,6 +16,17 @@ services: # out-of-band (env/secret store), never from source control — see # docs/operations/inbound-api-key-reissue.md. Both Central nodes share one pepper. ScadaBridge__InboundApi__ApiKeyPepper: "dev-only-insecure-pepper-docker-cluster-0001" + # DEV-ONLY local-cluster secrets — NOT real secrets. Relocated out of the mounted + # appsettings.Central.json (G-4 T5 secrets cleanup) so that app-config file carries no + # plaintext credentials. Env overrides layer over JSON BEFORE the ${secret:} pre-host + # expander runs, so the dev cluster boots with no KEK/secret store. The SQL password is + # the same value already committed for the sibling scadabridge-mssql container + # (infra/docker-compose.yml MSSQL_SA_PASSWORD) — consolidation, not new exposure. Real + # deployments use ${secret:} tokens (src/.../appsettings.Central.json) + a seeded store. + ScadaBridge__Database__ConfigurationDb: "Server=scadabridge-mssql,1433;Database=ScadaBridgeConfig;User Id=scadabridge_app;Password=ScadaBridge_Dev1#;TrustServerCertificate=true" + ScadaBridge__Database__MachineDataDb: "Server=scadabridge-mssql,1433;Database=ScadaBridgeMachineData;User Id=scadabridge_app;Password=ScadaBridge_Dev1#;TrustServerCertificate=true" + ScadaBridge__Security__Ldap__ServiceAccountPassword: "serviceaccount123" + ScadaBridge__Security__JwtSigningKey: "scadabridge-dev-jwt-signing-key-must-be-at-least-32-characters-long" ports: - "9001:5000" # Web UI + Inbound API - "9011:8081" # Akka remoting (host access for CLI/debugging) @@ -43,6 +54,17 @@ services: # out-of-band (env/secret store), never from source control — see # docs/operations/inbound-api-key-reissue.md. Both Central nodes share one pepper. ScadaBridge__InboundApi__ApiKeyPepper: "dev-only-insecure-pepper-docker-cluster-0001" + # DEV-ONLY local-cluster secrets — NOT real secrets. Relocated out of the mounted + # appsettings.Central.json (G-4 T5 secrets cleanup) so that app-config file carries no + # plaintext credentials. Env overrides layer over JSON BEFORE the ${secret:} pre-host + # expander runs, so the dev cluster boots with no KEK/secret store. The SQL password is + # the same value already committed for the sibling scadabridge-mssql container + # (infra/docker-compose.yml MSSQL_SA_PASSWORD) — consolidation, not new exposure. Real + # deployments use ${secret:} tokens (src/.../appsettings.Central.json) + a seeded store. + ScadaBridge__Database__ConfigurationDb: "Server=scadabridge-mssql,1433;Database=ScadaBridgeConfig;User Id=scadabridge_app;Password=ScadaBridge_Dev1#;TrustServerCertificate=true" + ScadaBridge__Database__MachineDataDb: "Server=scadabridge-mssql,1433;Database=ScadaBridgeMachineData;User Id=scadabridge_app;Password=ScadaBridge_Dev1#;TrustServerCertificate=true" + ScadaBridge__Security__Ldap__ServiceAccountPassword: "serviceaccount123" + ScadaBridge__Security__JwtSigningKey: "scadabridge-dev-jwt-signing-key-must-be-at-least-32-characters-long" ports: - "9002:5000" # Web UI + Inbound API - "9012:8081" # Akka remoting