chore(secrets): remove committed dev plaintext from docker central nodes + loose login files (ScadaBridge G-4 T5)
This commit is contained in:
@@ -18,8 +18,7 @@
|
||||
"MinNrOfMembers": 1
|
||||
},
|
||||
"Database": {
|
||||
"ConfigurationDb": "Server=scadabridge-mssql,1433;Database=ScadaBridgeConfig;User Id=scadabridge_app;Password=ScadaBridge_Dev1#;TrustServerCertificate=true",
|
||||
"MachineDataDb": "Server=scadabridge-mssql,1433;Database=ScadaBridgeMachineData;User Id=scadabridge_app;Password=ScadaBridge_Dev1#;TrustServerCertificate=true"
|
||||
"_comment": "ConfigurationDb/MachineDataDb (which carry the dev SQL password) are supplied as ScadaBridge__Database__* whole-key env overrides in docker/docker-compose.yml (dev-only-insecure, mirroring the ApiKeyPepper convention). The same dev password already ships committed for the sibling scadabridge-mssql container (infra/docker-compose.yml MSSQL_SA_PASSWORD) — this is consolidation, not new exposure. Env overrides layer over JSON before the ${secret:} expander runs, so the dev cluster boots with no KEK/secret store. Real/prod config uses ${secret:} tokens in src/.../appsettings.Central.json (T4)."
|
||||
},
|
||||
"Security": {
|
||||
"Ldap": {
|
||||
@@ -29,13 +28,13 @@
|
||||
"AllowInsecure": true,
|
||||
"SearchBase": "dc=zb,dc=local",
|
||||
"ServiceAccountDn": "cn=serviceaccount,dc=zb,dc=local",
|
||||
"ServiceAccountPassword": "serviceaccount123"
|
||||
"_comment_ServiceAccountPassword": "Supplied as ScadaBridge__Security__Ldap__ServiceAccountPassword env override in docker-compose.yml (dev-only-insecure)."
|
||||
},
|
||||
"Auth": {
|
||||
"DisableLogin": false,
|
||||
"User": "multi-role"
|
||||
},
|
||||
"JwtSigningKey": "scadabridge-dev-jwt-signing-key-must-be-at-least-32-characters-long",
|
||||
"_comment_JwtSigningKey": "Supplied as ScadaBridge__Security__JwtSigningKey env override in docker-compose.yml (dev-only-insecure).",
|
||||
"JwtExpiryMinutes": 15,
|
||||
"IdleTimeoutMinutes": 30,
|
||||
"RequireHttpsCookie": false,
|
||||
|
||||
@@ -18,8 +18,7 @@
|
||||
"MinNrOfMembers": 1
|
||||
},
|
||||
"Database": {
|
||||
"ConfigurationDb": "Server=scadabridge-mssql,1433;Database=ScadaBridgeConfig;User Id=scadabridge_app;Password=ScadaBridge_Dev1#;TrustServerCertificate=true",
|
||||
"MachineDataDb": "Server=scadabridge-mssql,1433;Database=ScadaBridgeMachineData;User Id=scadabridge_app;Password=ScadaBridge_Dev1#;TrustServerCertificate=true"
|
||||
"_comment": "ConfigurationDb/MachineDataDb (which carry the dev SQL password) are supplied as ScadaBridge__Database__* whole-key env overrides in docker/docker-compose.yml (dev-only-insecure, mirroring the ApiKeyPepper convention). The same dev password already ships committed for the sibling scadabridge-mssql container (infra/docker-compose.yml MSSQL_SA_PASSWORD) — this is consolidation, not new exposure. Env overrides layer over JSON before the ${secret:} expander runs, so the dev cluster boots with no KEK/secret store. Real/prod config uses ${secret:} tokens in src/.../appsettings.Central.json (T4)."
|
||||
},
|
||||
"Security": {
|
||||
"Ldap": {
|
||||
@@ -29,13 +28,13 @@
|
||||
"AllowInsecure": true,
|
||||
"SearchBase": "dc=zb,dc=local",
|
||||
"ServiceAccountDn": "cn=serviceaccount,dc=zb,dc=local",
|
||||
"ServiceAccountPassword": "serviceaccount123"
|
||||
"_comment_ServiceAccountPassword": "Supplied as ScadaBridge__Security__Ldap__ServiceAccountPassword env override in docker-compose.yml (dev-only-insecure)."
|
||||
},
|
||||
"Auth": {
|
||||
"DisableLogin": false,
|
||||
"User": "multi-role"
|
||||
},
|
||||
"JwtSigningKey": "scadabridge-dev-jwt-signing-key-must-be-at-least-32-characters-long",
|
||||
"_comment_JwtSigningKey": "Supplied as ScadaBridge__Security__JwtSigningKey env override in docker-compose.yml (dev-only-insecure).",
|
||||
"JwtExpiryMinutes": 15,
|
||||
"IdleTimeoutMinutes": 30,
|
||||
"RequireHttpsCookie": false,
|
||||
|
||||
@@ -16,6 +16,17 @@ services:
|
||||
# out-of-band (env/secret store), never from source control — see
|
||||
# docs/operations/inbound-api-key-reissue.md. Both Central nodes share one pepper.
|
||||
ScadaBridge__InboundApi__ApiKeyPepper: "dev-only-insecure-pepper-docker-cluster-0001"
|
||||
# DEV-ONLY local-cluster secrets — NOT real secrets. Relocated out of the mounted
|
||||
# appsettings.Central.json (G-4 T5 secrets cleanup) so that app-config file carries no
|
||||
# plaintext credentials. Env overrides layer over JSON BEFORE the ${secret:} pre-host
|
||||
# expander runs, so the dev cluster boots with no KEK/secret store. The SQL password is
|
||||
# the same value already committed for the sibling scadabridge-mssql container
|
||||
# (infra/docker-compose.yml MSSQL_SA_PASSWORD) — consolidation, not new exposure. Real
|
||||
# deployments use ${secret:} tokens (src/.../appsettings.Central.json) + a seeded store.
|
||||
ScadaBridge__Database__ConfigurationDb: "Server=scadabridge-mssql,1433;Database=ScadaBridgeConfig;User Id=scadabridge_app;Password=ScadaBridge_Dev1#;TrustServerCertificate=true"
|
||||
ScadaBridge__Database__MachineDataDb: "Server=scadabridge-mssql,1433;Database=ScadaBridgeMachineData;User Id=scadabridge_app;Password=ScadaBridge_Dev1#;TrustServerCertificate=true"
|
||||
ScadaBridge__Security__Ldap__ServiceAccountPassword: "serviceaccount123"
|
||||
ScadaBridge__Security__JwtSigningKey: "scadabridge-dev-jwt-signing-key-must-be-at-least-32-characters-long"
|
||||
ports:
|
||||
- "9001:5000" # Web UI + Inbound API
|
||||
- "9011:8081" # Akka remoting (host access for CLI/debugging)
|
||||
@@ -43,6 +54,17 @@ services:
|
||||
# out-of-band (env/secret store), never from source control — see
|
||||
# docs/operations/inbound-api-key-reissue.md. Both Central nodes share one pepper.
|
||||
ScadaBridge__InboundApi__ApiKeyPepper: "dev-only-insecure-pepper-docker-cluster-0001"
|
||||
# DEV-ONLY local-cluster secrets — NOT real secrets. Relocated out of the mounted
|
||||
# appsettings.Central.json (G-4 T5 secrets cleanup) so that app-config file carries no
|
||||
# plaintext credentials. Env overrides layer over JSON BEFORE the ${secret:} pre-host
|
||||
# expander runs, so the dev cluster boots with no KEK/secret store. The SQL password is
|
||||
# the same value already committed for the sibling scadabridge-mssql container
|
||||
# (infra/docker-compose.yml MSSQL_SA_PASSWORD) — consolidation, not new exposure. Real
|
||||
# deployments use ${secret:} tokens (src/.../appsettings.Central.json) + a seeded store.
|
||||
ScadaBridge__Database__ConfigurationDb: "Server=scadabridge-mssql,1433;Database=ScadaBridgeConfig;User Id=scadabridge_app;Password=ScadaBridge_Dev1#;TrustServerCertificate=true"
|
||||
ScadaBridge__Database__MachineDataDb: "Server=scadabridge-mssql,1433;Database=ScadaBridgeMachineData;User Id=scadabridge_app;Password=ScadaBridge_Dev1#;TrustServerCertificate=true"
|
||||
ScadaBridge__Security__Ldap__ServiceAccountPassword: "serviceaccount123"
|
||||
ScadaBridge__Security__JwtSigningKey: "scadabridge-dev-jwt-signing-key-must-be-at-least-32-characters-long"
|
||||
ports:
|
||||
- "9002:5000" # Web UI + Inbound API
|
||||
- "9012:8081" # Akka remoting
|
||||
|
||||
Reference in New Issue
Block a user