oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions 7 Packages Projects Releases Wiki Activity

security: remove all hardcoded API keys, require from environment

Browse Source
This commit is contained in:
oib
2026-02-11 21:33:18 +01:00
parent b36e5a33ea
commit 15675390ac
46 changed files with 107 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
docs/reference/bootstrap/coordinator_api.md
View File

@@ -74,9 +74,9 @@ DATABASE_URL=sqlite:///./coordinator.db
# or: DATABASE_URL=postgresql://user:pass@localhost:5432/aitbc
# Auth
CLIENT_API_KEYS=REDACTED_CLIENT_KEY,client_dev_key_2
MINER_API_KEYS=REDACTED_MINER_KEY,miner_dev_key_2
ADMIN_API_KEYS=REDACTED_ADMIN_KEY
CLIENT_API_KEYS=${CLIENT_API_KEY},client_dev_key_2
MINER_API_KEYS=${MINER_API_KEY},miner_dev_key_2
ADMIN_API_KEYS=${ADMIN_API_KEY}
# Security
HMAC_SECRET=change_me
@@ -349,7 +349,7 @@ def match_next_job(miner):
**Client creates a job**
```bash
curl -sX POST http://127.0.0.1:8011/v1/jobs \
-H 'X-Api-Key: REDACTED_CLIENT_KEY' \
-H 'X-Api-Key: ${CLIENT_API_KEY}' \
-H 'Idempotency-Key: 7d4a...' \
-H 'Content-Type: application/json' \
-d '{
@@ -361,12 +361,12 @@ curl -sX POST http://127.0.0.1:8011/v1/jobs \
**Miner registers + polls**
```bash
curl -sX POST http://127.0.0.1:8011/v1/miners/register \
-H 'X-Api-Key: REDACTED_MINER_KEY' \
-H 'X-Api-Key: ${MINER_API_KEY}' \
-H 'Content-Type: application/json' \
-d '{"capabilities":{"gpu":"RTX4060Ti","cuda":"12.3","vram_gb":16},"concurrency":2,"region":"eu-central"}'
curl -i -sX POST http://127.0.0.1:8011/v1/miners/poll \
-H 'X-Api-Key: REDACTED_MINER_KEY' \
-H 'X-Api-Key: ${MINER_API_KEY}' \
-H 'Content-Type: application/json' \
-d '{"max_wait_seconds":10}'
```
@@ -374,7 +374,7 @@ curl -i -sX POST http://127.0.0.1:8011/v1/miners/poll \
**Miner submits result**
```bash
curl -sX POST http://127.0.0.1:8011/v1/miners/<JOB_ID>/result \
-H 'X-Api-Key: REDACTED_MINER_KEY' \
-H 'X-Api-Key: ${MINER_API_KEY}' \
-H 'Content-Type: application/json' \
-d '{"result":{"sum":5},"metrics":{"latency_ms":42}}'
```
@@ -382,7 +382,7 @@ curl -sX POST http://127.0.0.1:8011/v1/miners/<JOB_ID>/result \
**Client fetches result**
```bash
curl -s http://127.0.0.1:8011/v1/jobs/<JOB_ID>/result \
-H 'X-Api-Key: REDACTED_CLIENT_KEY'
-H 'X-Api-Key: ${CLIENT_API_KEY}'
```
---

4
docs/reference/components/miner_node.md
View File

@@ -11,7 +11,7 @@
- ✅ Deployed real GPU miner on host with NVIDIA RTX 4060 Ti (16GB)
- ✅ Integrated Ollama for LLM inference across 13+ models
- ✅ Configured systemd service (`aitbc-host-gpu-miner.service`)
- ✅ Fixed miner ID configuration (REDACTED_MINER_KEY)
- ✅ Fixed miner ID configuration (${MINER_API_KEY})
- ✅ Enhanced logging with flush handlers for systemd journal visibility
- ✅ Verified end-to-end workflow: job polling → Ollama inference → result submission → receipt generation
@@ -24,7 +24,7 @@
### Integration Points
- Coordinator API: http://127.0.0.1:18000 (via Incus proxy)
- Miner ID: REDACTED_MINER_KEY
- Miner ID: ${MINER_API_KEY}
- Heartbeat interval: 15 seconds
- Job polling: 3-second intervals
- Result submission: JSON with metrics and execution details