security: remove hardcoded credentials, use env vars for Bitcoin RPC, PostgreSQL, and API keys

2026-02-11 21:22:01 +01:00
parent 5773156ce1
commit 3a12a66bda
5 changed files with 35 additions and 12 deletions
--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,23 @@
+# AITBC Environment Configuration
+# Copy this file to .env and fill in your values
+
+# Coordinator API
+APP_ENV=dev
+DATABASE_URL=sqlite:///./coordinator.db
+ADMIN_API_KEYS=["your-admin-key"]
+CLIENT_API_KEYS=["your-client-key"]
+MINER_API_KEYS=["your-miner-key"]
+HMAC_SECRET=your-hmac-secret
+RECEIPT_SIGNING_KEY_HEX=
+RECEIPT_ATTESTATION_KEY_HEX=
+
+# PostgreSQL (if using PostgreSQL instead of SQLite)
+# DATABASE_URL=postgresql://user:password@localhost:5432/aitbc_coordinator
+JWT_SECRET=change-me-in-production
+
+# Bitcoin Wallet Integration
+BITCOIN_RPC_URL=http://127.0.0.1:18332
+BITCOIN_RPC_USER=aitbc_rpc
+BITCOIN_RPC_PASSWORD=
+BITCOIN_WALLET_NAME=aitbc_exchange
+BITCOIN_FALLBACK_ADDRESS=tb1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh