Harden secret handling: remove weak fallback defaults, fail fast on missing env vars
JWT_SECRET and ADMIN_KEY no longer fall back to insecure defaults. The app will throw at startup if these env vars are not set. docker-compose.yml now uses :? syntax to require them.

Co-authored-by: Cursor <cursoragent@cursor.com>
@@ -9,8 +9,8 @@ services:
- PORT=5000
- NODE_ENV=production
- DB_PATH=/app/data/jackbox.db
- JWT_SECRET=${JWT_SECRET:-change-me-in-production}
- ADMIN_KEY=${ADMIN_KEY:-admin123}
- JWT_SECRET=${JWT_SECRET:?JWT_SECRET is required}
- ADMIN_KEY=${ADMIN_KEY:?ADMIN_KEY is required}
- DEBUG=false
volumes:
- jackbox-data:/app/data
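Review bot: On the two new `JWT_SECRET` and `ADMIN_KEY` lines, `:?` only rejects a variable that is unset or empty, so an existing `.env` or host environment that still sets `change-me-in-production` or `admin123` passes this check unchanged. The application-side startup check is not visible in this hunk; it should also refuse those two literal values and enforce a minimum length rather than only testing for presence. Because both removed defaults remain readable in the repository history, any deployment that ever started without these variables set has been running with publicly known secrets, and the commit message or README should tell operators to rotate both values rather than just define them. Since Compose interpolates the file on load, every `docker compose` command now fails when either variable is missing, so documenting the two required variables next to the compose file (for example in a `.env.example` holding placeholders only) would keep that failure self-explanatory.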