fix(security): remove MinIO hardcoded credentials & add presigned URL support

- Remove hardcoded minioadmin/minioadmin_secret fallback from docker-compose.yml,
  require MINIO_ACCESS_KEY/MINIO_SECRET_KEY env vars (fail-fast with :? syntax)
- Align docker-compose.yml env var names with .env.example (MINIO_ACCESS_KEY/SECRET_KEY)
- Update CI e2e workflow to use GitHub vars with non-default fallbacks
- Update .env.test to use non-default test credentials
- Add @aws-sdk/s3-request-presigner and getPresignedUploadUrl() method to
  MinioMediaStorageService for properly signed client-side uploads
- Remove hardcoded credentials from dev-environment docs

Co-Authored-By: Paperclip <noreply@paperclip.ing>
Ho Ngoc Hai
2026-04-08 22:44:50 +07:00
parent 8a86cf42d4
commit 03231271ca
7 changed files with 50 additions and 9 deletions

@@ -16,8 +16,8 @@ TYPESENSE_API_KEY=ts_dev_key_change_me
# MinIO
MINIO_ENDPOINT=localhost
MINIO_PORT=9000
MINIO_ACCESS_KEY=minioadmin
MINIO_SECRET_KEY=minioadmin_secret
MINIO_ACCESS_KEY=test_minio_user
MINIO_SECRET_KEY=test_minio_secret_key_32chars!!
MINIO_BUCKET=goodgo-uploads
# Auth (deterministic secrets for test reproducibility)
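
Review bot: The replacement MINIO_ACCESS_KEY/MINIO_SECRET_KEY pair under "# MinIO" is still a fixed credential committed to the repository, and nothing in the hunk marks it as test-only the way the "# Auth (deterministic secrets for test reproducibility)" comment does for the next block. Suggest extending the "# MinIO" comment to say these values are for the test stack only and must never be reused for a shared or production MinIO instance, and confirming they match whatever fallback the CI e2e workflow uses so the two do not drift. Minor: test_minio_secret_key_32chars!! is 31 characters, not 32, so either pad it or drop the length from the name in case anything later validates key length against it.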