From ac3f47232408e6b0c2187ce342450e4310e0ffbd Mon Sep 17 00:00:00 2001 From: Kiara Grouwstra Date: Mon, 16 Jun 2025 13:35:39 +0200 Subject: [PATCH] remove sample secret SECRET_KEY --- machines/dev/fedi201/fedipanel.nix | 4 +--- panel/default.nix | 1 - panel/nix/tests.nix | 4 +--- panel/src/panel/settings.py | 3 --- 4 files changed, 2 insertions(+), 10 deletions(-) diff --git a/machines/dev/fedi201/fedipanel.nix b/machines/dev/fedi201/fedipanel.nix index 5c4236fc..763cdb09 100644 --- a/machines/dev/fedi201/fedipanel.nix +++ b/machines/dev/fedi201/fedipanel.nix @@ -37,9 +37,7 @@ in enable = true; production = true; domain = "demo.fediversity.eu"; - secrets = { - SECRET_KEY = config.age.secrets.panel-secret-key.path; - }; + secrets = { }; port = 8000; }; } diff --git a/panel/default.nix b/panel/default.nix index c6749611..015b1b03 100644 --- a/panel/default.nix +++ b/panel/default.nix @@ -41,7 +41,6 @@ in # in production, secrets are passed via CREDENTIALS_DIRECTORY by systemd. # use this directory for testing with local secrets mkdir -p $CREDENTIALS_DIRECTORY - echo secret > ${builtins.toString ./.credentials}/SECRET_KEY ''; }; diff --git a/panel/nix/tests.nix b/panel/nix/tests.nix index e76eaed0..b588b6b4 100644 --- a/panel/nix/tests.nix +++ b/panel/nix/tests.nix @@ -10,9 +10,7 @@ let production = false; restart = "no"; domain = "example.com"; - secrets = { - SECRET_KEY = pkgs.writeText "SECRET_KEY" "secret"; - }; + secrets = { }; nixops4Package = pkgs.hello; # FIXME: actually pass NixOps4 }; diff --git a/panel/src/panel/settings.py b/panel/src/panel/settings.py index d613e0ec..ec314e4b 100644 --- a/panel/src/panel/settings.py +++ b/panel/src/panel/settings.py @@ -41,9 +41,6 @@ def get_secret(name: str, encoding: str = "utf-8") -> str: return secret -# SECURITY WARNING: keep the secret key used in production secret! -SECRET_KEY = get_secret("SECRET_KEY") - # SECURITY WARNING: don't run with debug turned on in production! DEBUG = True