gitadmin/ArchiTools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(deploy): externalize all secrets to .env, migrate Brevo SMTP → REST API

Browse Source 
- docker-compose.yml: replace 43 hardcoded env values with ${VAR} references.
  Operators must provide /opt/architools/.env (chmod 600, gitignored) with the
  matching keys. Removes the historical leak surface where every edit risked
  echoing secrets.
- email-service.ts: drop nodemailer SMTP transport; use Brevo REST API
  (POST https://api.brevo.com/v3/smtp/email) with BREVO_API_KEY header.
  Brevo SMTP relay credentials have been deleted upstream.
- package.json: remove nodemailer + @types/nodemailer.

NOTE: legacy hardcoded credentials present in git history must still be
rotated separately (DB password, Authentik client secret, ENCRYPTION_SECRET,
ANCPI password, etc.).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Claude VM
2026-04-22 07:49:08 +03:00
parent 265e1c934b
commit 6b3d56e1e8
4 changed files with 181 additions and 226 deletions
Download Patch File Download Diff File Expand all files Collapse all files
package.json
-2
View File
@@ -25,7 +25,6 @@
"next": "16.1.6",
"next-auth": "^4.24.13",
"next-themes": "^0.4.6",
"nodemailer": "^7.0.13",
"pmtiles": "^4.4.0",
"proj4": "^2.20.3",
"qrcode": "^1.5.4",
@@ -43,7 +42,6 @@
"@types/busboy": "^1.5.4",
"@types/jszip": "^3.4.0",
"@types/node": "^20",
"@types/nodemailer": "^7.0.11",
"@types/proj4": "^2.5.6",
"@types/qrcode": "^1.5.6",
"@types/react": "^19",