Add validation for SECRET_KEY and FIRST_SUPERUSER_PASSWORD with environment-specific rules
- Enforced minimum length and security standards for `SECRET_KEY` (32 chars, random value required in production).
- Added checks for strong `FIRST_SUPERUSER_PASSWORD` (min 12 chars with mixed case, digits).
- Updated `.env.template` with guidelines for secure configurations.
- Added `test_config.py` to verify validations for environment configurations, passwords, and database URLs.
@@ -12,14 +12,19 @@ DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}
|
||||
|
||||
# Backend settings
|
||||
BACKEND_PORT=8000
|
||||
SECRET_KEY=your_secret_key_here
|
||||
# CRITICAL: Generate a secure SECRET_KEY for production!
|
||||
# Generate with: python -c 'import secrets; print(secrets.token_urlsafe(32))'
|
||||
# Must be at least 32 characters
|
||||
SECRET_KEY=your_secret_key_here_REPLACE_WITH_GENERATED_KEY_32_CHARS_MIN
|
||||
ENVIRONMENT=development
|
||||
DEBUG=true
|
||||
BACKEND_CORS_ORIGINS=["http://localhost:3000"]
|
||||
FIRST_SUPERUSER_EMAIL=admin@example.com
|
||||
FIRST_SUPERUSER_PASSWORD=Admin123
|
||||
# IMPORTANT: Use a strong password (min 12 chars, mixed case, digits)
|
||||
# Default weak passwords like 'Admin123' are rejected
|
||||
FIRST_SUPERUSER_PASSWORD=YourStrongPassword123!
|
||||
|
||||
# Frontend settings
|
||||
FRONTEND_PORT=3000
|
||||
NEXT_PUBLIC_API_URL=http://localhost:8000
|
||||
NODE_ENV=development
|
||||
NODE_ENV=development
|
||||
|
||||
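Review bot: The new template placeholders themselves satisfy the rules stated in the comments above them, so a deployment that copies the template unchanged would still pass validation with publicly known values. `SECRET_KEY=your_secret_key_here_REPLACE_WITH_GENERATED_KEY_32_CHARS_MIN` is well over 32 characters, and `FIRST_SUPERUSER_PASSWORD=YourStrongPassword123!` is longer than 12 characters with mixed case and digits. The comment says defaults like 'Admin123' are rejected, but nothing visible here indicates the new placeholders are on that reject list. Suggest either leaving both values empty in the template so validation fails until the operator sets them, or having the validator explicitly reject these exact placeholder strings (and anything starting with `your_secret_key_here`), with a case in `test_config.py` covering it. Separately, the hunk keeps `ENVIRONMENT=development` and `DEBUG=true` as the template defaults; since the commit message says the random-key requirement applies in production, a short comment next to `ENVIRONMENT` noting that the stricter checks only run when it is changed would help operators who copy the file as-is.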