remove sample secret SECRET_KEY

machines/dev/fedi201/fedipanel.nix

@@ -37,9 +37,7 @@ in
     enable = true;
     production = true;
     domain = "demo.fediversity.eu";
-    secrets = {
-      SECRET_KEY = config.age.secrets.panel-secret-key.path;
-    };
+    secrets = { };
     port = 8000;
   };
 }

panel/default.nix

@@ -41,7 +41,6 @@ in
       # in production, secrets are passed via CREDENTIALS_DIRECTORY by systemd.
       # use this directory for testing with local secrets
       mkdir -p $CREDENTIALS_DIRECTORY
-      echo secret > ${builtins.toString ./.credentials}/SECRET_KEY
     '';
   };
 

panel/nix/tests.nix

@@ -10,9 +10,7 @@ let
       production = false;
       restart = "no";
       domain = "example.com";
-      secrets = {
-        SECRET_KEY = pkgs.writeText "SECRET_KEY" "secret";
-      };
+      secrets = { };
       nixops4Package = pkgs.hello; # FIXME: actually pass NixOps4
     };
 

panel/src/panel/settings.py

@@ -41,9 +41,6 @@ def get_secret(name: str, encoding: str = "utf-8") -> str:
 
     return secret
 
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = get_secret("SECRET_KEY")
-
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True