fix(security): remove hardcoded password from agent protocols
- Replace hardcoded password with environment variables - Add .env.example template for secure configuration - Update .gitignore to prevent committing secrets - Add os import for environment variable support Fixes critical security vulnerability in agent message protocol
This commit is contained in:
AITBC System
11
.gitignore
vendored
11
.gitignore
vendored
@@ -245,13 +245,20 @@ config.json
|
|||||||
secrets.json
|
secrets.json
|
||||||
|
|
||||||
# Temporary files
|
# Temporary files
|
||||||
>>>>>>> Stashed changes
|
|
||||||
*.tmp
|
*.tmp
|
||||||
*.temp
|
*.temp
|
||||||
*.bak
|
*.bak
|
||||||
*.backup
|
*.backup
|
||||||
|
|
||||||
<<<<<<< Updated upstream
|
# ===================
|
||||||
|
# Environment Files
|
||||||
|
# ===================
|
||||||
|
.env
|
||||||
|
.env.local
|
||||||
|
.env.production
|
||||||
|
*.env
|
||||||
|
.env.*.local
|
||||||
|
|
||||||
# ===================
|
# ===================
|
||||||
# Windsurf IDE
|
# Windsurf IDE
|
||||||
# ===================
|
# ===================
|
||||||
|
|||||||
19
apps/agent-protocols/.env.example
Normal file
19
apps/agent-protocols/.env.example
Normal file
@@ -0,0 +1,19 @@
|
|||||||
|
# AITBC Agent Protocols Environment Configuration
|
||||||
|
# Copy this file to .env and update with your secure values
|
||||||
|
|
||||||
|
# Agent Protocol Encryption Key (generate a strong, unique key)
|
||||||
|
AITBC_AGENT_PROTOCOL_KEY=your-secure-encryption-key-here
|
||||||
|
|
||||||
|
# Agent Protocol Salt (generate a unique salt value)
|
||||||
|
AITBC_AGENT_PROTOCOL_SALT=your-unique-salt-value-here
|
||||||
|
|
||||||
|
# Agent Registry Configuration
|
||||||
|
AGENT_REGISTRY_HOST=0.0.0.0
|
||||||
|
AGENT_REGISTRY_PORT=8003
|
||||||
|
|
||||||
|
# Database Configuration
|
||||||
|
AGENT_REGISTRY_DB_PATH=agent_registry.db
|
||||||
|
|
||||||
|
# Security Settings
|
||||||
|
AGENT_PROTOCOL_TIMEOUT=300
|
||||||
|
AGENT_PROTOCOL_MAX_RETRIES=3
|
||||||
@@ -330,6 +330,7 @@ Secure cross-chain agent communication
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
import json
|
import json
|
||||||
|
import os
|
||||||
import time
|
import time
|
||||||
import uuid
|
import uuid
|
||||||
import hashlib
|
import hashlib
|
||||||
@@ -351,8 +352,12 @@ class MessageProtocol:
|
|||||||
|
|
||||||
def _generate_key(self) -> bytes:
|
def _generate_key(self) -> bytes:
|
||||||
"""Generate encryption key"""
|
"""Generate encryption key"""
|
||||||
password = b"aitbc-agent-protocol-2026"
|
password = os.environ.get('AITBC_AGENT_PROTOCOL_KEY', b"default-key-change-in-production")
|
||||||
salt = b"aitbc-salt-agent-protocol"
|
salt = os.environ.get('AITBC_AGENT_PROTOCOL_SALT', b"aitbc-salt-agent-protocol")
|
||||||
|
if isinstance(password, str):
|
||||||
|
password = password.encode()
|
||||||
|
if isinstance(salt, str):
|
||||||
|
salt = salt.encode()
|
||||||
kdf = PBKDF2HMAC(
|
kdf = PBKDF2HMAC(
|
||||||
algorithm=hashes.SHA256(),
|
algorithm=hashes.SHA256(),
|
||||||
length=32,
|
length=32,
|
||||||
|
|||||||
Reference in New Issue
Block a user