security: remove hardcoded credentials, use env vars for Bitcoin RPC, PostgreSQL, and API keys

oib
2026-02-11 21:22:01 +01:00
parent 5773156ce1
commit 3a12a66bda
5 changed files with 35 additions and 12 deletions

23
.env.example Normal file

@@ -0,0 +1,23 @@
# AITBC Environment Configuration
# Copy this file to .env and fill in your values
# Coordinator API
APP_ENV=dev
DATABASE_URL=sqlite:///./coordinator.db
ADMIN_API_KEYS=["your-admin-key"]
CLIENT_API_KEYS=["your-client-key"]
MINER_API_KEYS=["your-miner-key"]
HMAC_SECRET=your-hmac-secret
RECEIPT_SIGNING_KEY_HEX=
RECEIPT_ATTESTATION_KEY_HEX=
# PostgreSQL (if using PostgreSQL instead of SQLite)
# DATABASE_URL=postgresql://user:password@localhost:5432/aitbc_coordinator
JWT_SECRET=change-me-in-production
# Bitcoin Wallet Integration
BITCOIN_RPC_URL=http://127.0.0.1:18332
BITCOIN_RPC_USER=aitbc_rpc
BITCOIN_RPC_PASSWORD=
BITCOIN_WALLET_NAME=aitbc_exchange
BITCOIN_FALLBACK_ADDRESS=tb1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh
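Review bot: `HMAC_SECRET=your-hmac-secret`, `JWT_SECRET=change-me-in-production` and the three `*_API_KEYS` entries ship as non-empty placeholders, so a `.env` that is copied but not edited gives a deployment running on secrets that are readable in the repository. The template already leaves `BITCOIN_RPC_PASSWORD=` and both `RECEIPT_*_KEY_HEX=` empty; doing the same here (`JWT_SECRET=`, `HMAC_SECRET=`, `ADMIN_API_KEYS=[]`) lets the application reject a missing value at startup instead of accepting a known one. A comment above each secret saying how to produce it, for example `# generate with: openssl rand -hex 32`, would also help.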

3
.gitignore vendored

@@ -25,7 +25,8 @@ htmlcov/
# Environment files # Environment files
*.env *.env
*.env.* .env.*
!.env.example
.env.local .env.local
.env.*.local .env.*.local
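Review bot: Assuming the right-hand column is the new side, replacing `*.env.*` with `.env.*` narrows the ignore rule: names such as `coordinator.env.bak` or `prod.env.local` matched the old pattern and match none of the patterns shown here. The negation `!.env.example` takes effect after either pattern, so the wildcard form can stay; I would keep `*.env.*` and add `!.env.example` on the line below it.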


@@ -14,10 +14,10 @@ class Settings(BaseSettings):
debug: bool = False debug: bool = False
# Database Configuration # Database Configuration
database_url: str = "postgresql://aitbc_user:aitbc_password@localhost:5432/aitbc_coordinator" database_url: str = "postgresql://localhost:5432/aitbc_coordinator"
# JWT Configuration # JWT Configuration
jwt_secret: str = "your-secret-key-change-in-production" jwt_secret: str = "change-me-in-production"
jwt_algorithm: str = "HS256" jwt_algorithm: str = "HS256"
jwt_expiration_hours: int = 24 jwt_expiration_hours: int = 24
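Review bot: `jwt_secret` still carries a literal default, `"change-me-in-production"`, so a deployment that does not set the variable signs HS256 tokens with a key that is public in this repository, and a token forged with that key would verify. If `BaseSettings` here is pydantic's, declaring the field without a default, `jwt_secret: str`, makes settings loading fail when the value is missing; if a development default is wanted, a validator that rejects the placeholder outside the dev environment gives the same protection. The new `database_url` default no longer embeds credentials, which deserves a one-line comment such as `# no credentials in the default; set DATABASE_URL in the environment`. The `Settings` class body starts before and continues after this hunk.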


@@ -12,15 +12,14 @@ from typing import Dict, Optional
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
# Bitcoin wallet configuration # Bitcoin wallet configuration (credentials from environment)
WALLET_CONFIG = { WALLET_CONFIG = {
# For development, we'll use testnet
'testnet': True, 'testnet': True,
'rpc_url': 'http://127.0.0.1:18332', # Testnet RPC port 'rpc_url': os.environ.get('BITCOIN_RPC_URL', 'http://127.0.0.1:18332'),
'rpc_user': 'aitbc_rpc', 'rpc_user': os.environ.get('BITCOIN_RPC_USER', 'aitbc_rpc'),
'rpc_password': 'REDACTED_RPC_PASSWORD', 'rpc_password': os.environ.get('BITCOIN_RPC_PASSWORD', ''),
'wallet_name': 'aitbc_exchange', 'wallet_name': os.environ.get('BITCOIN_WALLET_NAME', 'aitbc_exchange'),
'fallback_address': 'tb1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh' # Testnet address 'fallback_address': os.environ.get('BITCOIN_FALLBACK_ADDRESS', 'tb1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh'),
} }
class BitcoinWallet: class BitcoinWallet:
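Review bot: `os.environ.get('BITCOIN_RPC_PASSWORD', '')` falls back to an empty password, so a missing variable goes unnoticed at import time and presumably only shows up later as a failed RPC authentication. A check right after the dict, `if not WALLET_CONFIG['rpc_password']: logger.warning("BITCOIN_RPC_PASSWORD is not set")` (or raising instead), would make the misconfiguration visible. The hunk begins at line 12 and does not show `import os`; confirm it is already imported above, otherwise the module fails with a NameError on import. The RPC password removed here remains in the repository history, so it should be rotated on the node, and the same holds for the admin API key removed elsewhere in this commit.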


@@ -23,7 +23,7 @@ async def mint_tokens(address: str, amount: float) -> dict:
"address": address, "address": address,
"amount": amount "amount": amount
}, },
headers={"X-Api-Key": "REDACTED_ADMIN_KEY"} headers={"X-Api-Key": settings.admin_api_keys[0] if settings.admin_api_keys else ""}
) )
if response.status_code == 200: if response.status_code == 200:
@@ -39,7 +39,7 @@ def get_balance(address: str) -> Optional[float]:
response = requests.get( response = requests.get(
f"{BLOCKCHAIN_RPC}/getBalance/{address}", f"{BLOCKCHAIN_RPC}/getBalance/{address}",
headers={"X-Api-Key": "REDACTED_ADMIN_KEY"} headers={"X-Api-Key": settings.admin_api_keys[0] if settings.admin_api_keys else ""}
) )
if response.status_code == 200: if response.status_code == 200:
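Review bot: In `mint_tokens`, `settings.admin_api_keys[0] if settings.admin_api_keys else ""` sends an empty `X-Api-Key` when no key is configured, so the request still goes out and the misconfiguration surfaces only as a non-200 response; the same expression is repeated in `get_balance`. Resolving the key once in a small helper that raises when the list is empty removes the duplication and fails before any request is made. `get_balance` is a read and may not need an admin-scoped key; if the RPC accepts a less privileged key there, using it would limit what a leaked key allows. Neither hunk shows where `settings` is imported, and both functions start and continue outside the hunks.

```python
def _admin_api_key() -> str:
    """Return the configured admin API key, or raise if none is set."""
    if not settings.admin_api_keys:
        raise RuntimeError("ADMIN_API_KEYS is not configured")
    return settings.admin_api_keys[0]

# … unchanged: mint_tokens request URL and JSON body …
            headers={"X-Api-Key": _admin_api_key()}
# … unchanged: get_balance request URL …
            headers={"X-Api-Key": _admin_api_key()}
```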