chore(security): enhance environment configuration, CI workflows, and wallet daemon with security improvements

- Restructure .env.example with security-focused documentation, service-specific environment file references, and AWS Secrets Manager integration - Update CLI tests workflow to single Python 3.13 version, add pytest-mock dependency, and consolidate test execution with coverage - Add comprehensive security validation to package publishing workflow with manual approval gates, secret scanning, and release
2026-03-03 10:33:46 +01:00
parent 00d00cb964
commit f353e00172
220 changed files with 42506 additions and 921 deletions
--- a/infra/helm/charts/coordinator/values.yaml
+++ b/infra/helm/charts/coordinator/values.yaml
@@ -109,18 +109,19 @@ affinity: {}
 # Configuration
 config:
  appEnv: production
-  databaseUrl: "postgresql://aitbc:password@postgresql:5432/aitbc"
-  receiptSigningKeyHex: ""
-  receiptAttestationKeyHex: ""
+  databaseUrl: secretRef:db-credentials:url
+  receiptSigningKeyHex: secretRef:security-keys:receipt-signing
+  receiptAttestationKeyHex: secretRef:security-keys:receipt-attestation
  allowOrigins: "*"

 # PostgreSQL sub-chart configuration
 postgresql:
  enabled: true
  auth:
-    postgresPassword: "password"
+    postgresPassword: secretRef:db-credentials:password
    username: aitbc
    database: aitbc
+    existingSecret: db-credentials
  primary:
    persistence:
      enabled: true