security: fix trace ownership bypass and externalize secrets to .env
- Add userId guard in trace upsert to prevent cross-user overwrites
- Move AUTH_SECRET, STRIPE_WEBHOOK_SECRET, POSTGRES_PASSWORD to .env
- docker-compose.yml now references env vars instead of hardcoded secrets
- Add .env.example with placeholder values for documentation
16
.env.example
Normal file
@@ -0,0 +1,16 @@
|
||||
# Authentication
|
||||
AUTH_SECRET= # Generate with: openssl rand -base64 32
|
||||
|
||||
# Stripe
|
||||
STRIPE_SECRET_KEY= # sk_live_... or sk_test_...
|
||||
STRIPE_WEBHOOK_SECRET= # whsec_...
|
||||
STRIPE_STARTER_PRICE_ID=price_1SzJUlR8i0An4Wz7gZeYgzBY
|
||||
STRIPE_PRO_PRICE_ID=price_1SzJVWR8i0An4Wz755hBrxzn
|
||||
|
||||
# Database (optional — defaults to agentlens/agentlens/agentlens)
|
||||
POSTGRES_USER=agentlens
|
||||
POSTGRES_PASSWORD=
|
||||
POSTGRES_DB=agentlens
|
||||
|
||||
# Email (optional — email features disabled if not set)
|
||||
EMAIL_PASSWORD=
|
||||
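Review bot: the Database comment says the values default to agentlens/agentlens/agentlens, which reads as user/password/db, so leaving `POSTGRES_PASSWORD=` empty would still start the database with a well-known password. Since the commit's goal is to externalize secrets, consider dropping the password default and making docker-compose.yml fail when the variable is unset (for example `${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}`), and update the comment to say only user and db have defaults. Two smaller points in the same file: the comments on `AUTH_SECRET=`, `STRIPE_SECRET_KEY=` and `STRIPE_WEBHOOK_SECRET=` sit on the same line as an empty assignment, and not every env-file parser strips trailing comments, so the comment text could end up as the value; putting each comment on its own line above the variable avoids that. Also, `STRIPE_STARTER_PRICE_ID` and `STRIPE_PRO_PRICE_ID` carry concrete IDs although the commit message describes the file as placeholder values; a `price_...` placeholder would match the other Stripe entries.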