All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Add internal/crypto package: AES-256-GCM encrypt/decrypt with migration passthrough for existing plain-text records (no "enc:" prefix = plain text)
- Store.NewStoreWithCipher injects cipher; SaveToken/UpdateLocationConfig encrypt cast_api_key before write; GetToken/ListTokens decrypt on read
- Add CREDENTIALS_ENCRYPTION_KEY env var (64-hex / 32-byte); warns if unset
- Add MongoDB authentication: MONGO_ROOT_USERNAME / MONGO_ROOT_PASSWORD via docker-compose MONGO_INITDB_ROOT_USERNAME/PASSWORD; MONGO_URI now requires credentials in .env.example
- Update .env.example with generation instructions for all secrets

Co-Authored-By: SideKx <sidekx.ai@sds.dev>
35 lines
1019 B
Plaintext
PORT=3002
BASE_URL=https://hl.cast.ph

# nginx-proxy / Let's Encrypt
VIRTUAL_HOST=hl.cast.ph
LETSENCRYPT_EMAIL=ops@cast.ph

# GHL OAuth
GHL_CLIENT_ID=
GHL_CLIENT_SECRET=
# Ed25519 public key from GHL Marketplace app settings (PKIX PEM). Paste the full PEM block.
GHL_WEBHOOK_PUBLIC_KEY=
GHL_CONVERSATION_PROVIDER_ID=

# Cast.ph
CAST_API_KEY=
CAST_API_URL=https://api.cast.ph
CAST_SENDER_ID=

# MongoDB — use a strong password; URI must include auth credentials
# Generate password: openssl rand -hex 24
MONGO_ROOT_USERNAME=castghl
MONGO_ROOT_PASSWORD=
MONGO_URI=mongodb://castghl:<password>@mongo:27017/cast-ghl?authSource=admin

# AES-256 key for encrypting per-location Cast API keys at rest in MongoDB.
# Generate: openssl rand -hex 32
# WARNING: if this key is lost without migrating records first, per-location
# API keys stored in MongoDB will be unreadable. Back this up securely.
CREDENTIALS_ENCRYPTION_KEY=

# Admin API shared secret (protects /api/admin/*)
# Generate: openssl rand -hex 32
INBOUND_API_KEY=