chore(security): enhance environment configuration, CI workflows, and wallet daemon with security improvements
- Restructure .env.example with security-focused documentation, service-specific environment file references, and AWS Secrets Manager integration - Update CLI tests workflow to single Python 3.13 version, add pytest-mock dependency, and consolidate test execution with coverage - Add comprehensive security validation to package publishing workflow with manual approval gates, secret scanning, and release
This commit is contained in:
oib
57
config/environments/production/coordinator.env.template
Normal file
57
config/environments/production/coordinator.env.template
Normal file
@@ -0,0 +1,57 @@
|
||||
# Coordinator API - Production Environment Template
|
||||
# DO NOT commit actual values - use AWS Secrets Manager in production
|
||||
|
||||
# =============================================================================
|
||||
# CORE APPLICATION CONFIGURATION
|
||||
# =============================================================================
|
||||
APP_ENV=production
|
||||
DEBUG=false
|
||||
LOG_LEVEL=WARN
|
||||
|
||||
# Database Configuration (use AWS RDS in production)
|
||||
DATABASE_URL=postgresql://user:pass@host:5432/database
|
||||
# Reference: secretRef:db-credentials
|
||||
|
||||
# =============================================================================
|
||||
# API CONFIGURATION
|
||||
# =============================================================================
|
||||
# API Keys (use AWS Secrets Manager)
|
||||
ADMIN_API_KEY=secretRef:api-keys:admin
|
||||
CLIENT_API_KEY=secretRef:api-keys:client
|
||||
MINER_API_KEY=secretRef:api-keys:miner
|
||||
AITBC_API_KEY=secretRef:api-keys:coordinator
|
||||
|
||||
# API URLs
|
||||
API_URL=https://api.aitbc.bubuit.net
|
||||
COORDINATOR_URL=https://api.aitbc.bubuit.net
|
||||
COORDINATOR_HEALTH_URL=https://api.aitbc.bubuit.net/health
|
||||
|
||||
# =============================================================================
|
||||
# SECURITY CONFIGURATION
|
||||
# =============================================================================
|
||||
# Security Keys (use AWS Secrets Manager)
|
||||
ENCRYPTION_KEY=secretRef:security-keys:encryption
|
||||
HMAC_SECRET=secretRef:security-keys:hmac
|
||||
JWT_SECRET=secretRef:security-keys:jwt
|
||||
|
||||
# =============================================================================
|
||||
# BLOCKCHAIN CONFIGURATION
|
||||
# =============================================================================
|
||||
# Mainnet RPC URLs (use secure endpoints)
|
||||
ETHEREUM_RPC_URL=https://mainnet.infura.io/v3/YOUR_PROJECT_ID
|
||||
POLYGON_RPC_URL=https://polygon-rpc.com
|
||||
ARBITRUM_RPC_URL=https://arb1.arbitrum.io/rpc
|
||||
OPTIMISM_RPC_URL=https://mainnet.optimism.io
|
||||
|
||||
# =============================================================================
|
||||
# EXTERNAL SERVICES
|
||||
# =============================================================================
|
||||
# AI/ML Services (use production keys)
|
||||
OPENAI_API_KEY=secretRef:external-services:openai
|
||||
GOOGLE_PROJECT_ID=secretRef:external-services:google-project
|
||||
|
||||
# =============================================================================
|
||||
# MONITORING
|
||||
# =============================================================================
|
||||
# Sentry (use production DSN)
|
||||
SENTRY_DSN=secretRef:monitoring:sentry
|
||||
45
config/environments/production/wallet-daemon.env.template
Normal file
45
config/environments/production/wallet-daemon.env.template
Normal file
@@ -0,0 +1,45 @@
|
||||
# Wallet Daemon - Production Environment Template
|
||||
# DO NOT commit actual values - use AWS Secrets Manager in production
|
||||
|
||||
# =============================================================================
|
||||
# CORE APPLICATION CONFIGURATION
|
||||
# =============================================================================
|
||||
APP_ENV=production
|
||||
DEBUG=false
|
||||
LOG_LEVEL=WARN
|
||||
|
||||
# =============================================================================
|
||||
# SERVICE CONFIGURATION
|
||||
# =============================================================================
|
||||
# Coordinator Integration
|
||||
COORDINATOR_BASE_URL=https://api.aitbc.bubuit.net
|
||||
COORDINATOR_API_KEY=secretRef:api-keys:coordinator
|
||||
|
||||
# REST API Configuration
|
||||
REST_PREFIX=/v1
|
||||
|
||||
# =============================================================================
|
||||
# DATABASE CONFIGURATION
|
||||
# =============================================================================
|
||||
# Ledger Database Path (use persistent storage)
|
||||
LEDGER_DB_PATH=/data/wallet_ledger.db
|
||||
|
||||
# =============================================================================
|
||||
# SECURITY CONFIGURATION
|
||||
# =============================================================================
|
||||
# Rate Limiting (production values)
|
||||
WALLET_RATE_LIMIT=30
|
||||
WALLET_RATE_WINDOW=60
|
||||
|
||||
# =============================================================================
|
||||
# MONITORING
|
||||
# =============================================================================
|
||||
# Health Check Configuration
|
||||
HEALTH_CHECK_INTERVAL=30
|
||||
|
||||
# =============================================================================
|
||||
# CLUSTER CONFIGURATION
|
||||
# =============================================================================
|
||||
# Kubernetes Settings
|
||||
POD_NAMESPACE=aitbc
|
||||
SERVICE_NAME=wallet-daemon
|
||||
Reference in New Issue
Block a user