security: remove all hardcoded API keys, require from environment

2026-02-11 21:33:18 +01:00
parent b36e5a33ea
commit 15675390ac
46 changed files with 107 additions and 107 deletions
--- a/docs/operator/deployment/nginx-domain-setup.md
+++ b/docs/operator/deployment/nginx-domain-setup.md
@@ -117,7 +117,7 @@ incus exec aitbc -- systemctl reload nginx
 ```bash
 # Check each service
 curl -k https://aitbc.bubuit.net/api/health
-curl -k https://aitbc.bubuit.net/admin/stats -H "X-Api-Key: REDACTED_ADMIN_KEY"
+curl -k https://aitbc.bubuit.net/admin/stats -H "X-Api-Key: ${ADMIN_API_KEY}"
 curl -k https://aitbc.bubuit.net/rpc/head
 ```

--- a/docs/operator/deployment/run.md
+++ b/docs/operator/deployment/run.md
@@ -69,7 +69,7 @@ These instructions cover the newly scaffolded services. Install dependencies usi
   python - <<'PY'
   from aitbc_sdk import CoordinatorReceiptClient, verify_receipt

-   client = CoordinatorReceiptClient("http://localhost:8011", "REDACTED_CLIENT_KEY")
+   client = CoordinatorReceiptClient("http://localhost:8011", "${CLIENT_API_KEY}")
   receipt = client.fetch_latest("<job_id>")
   verification = verify_receipt(receipt)
   print("miner signature valid:", verification.miner_signature.valid)