admin/goodgo-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs(env): canonicalize FIELD_ENCRYPTION_KEY in .env.example (GOO-238)

Browse Source 
Replace KYC_ENCRYPTION_KEY/KYC_ENCRYPTION_KEY_VERSION in .env.example with
the canonical FIELD_ENCRYPTION_KEY/FIELD_ENCRYPTION_KEY_VERSION used by
env-validation.ts and the rotation runbook. Update bootstrap.sh sed line to
substitute the canonical name. Runtime still reads the legacy KYC_* vars as
a deprecated fallback for existing operators.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Ho Ngoc Hai
2026-04-24 13:38:05 +07:00
parent 9af9e1d84a
commit e97a89c3f1
13 changed files with 101 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/bootstrap.sh
View File

@@ -163,7 +163,7 @@ else
"${SED_INPLACE[@]}" "s|PGBOUNCER_STATS_PASSWORD=CHANGE_ME|PGBOUNCER_STATS_PASSWORD=pgbouncer_stats|" .env
"${SED_INPLACE[@]}" "s|JWT_SECRET=.*|JWT_SECRET=$JWT_SECRET_VAL|" .env
"${SED_INPLACE[@]}" "s|JWT_REFRESH_SECRET=.*|JWT_REFRESH_SECRET=$JWT_REFRESH_VAL|" .env
"${SED_INPLACE[@]}" "s|KYC_ENCRYPTION_KEY=.*|KYC_ENCRYPTION_KEY=$KYC_KEY_VAL|" .env
"${SED_INPLACE[@]}" "s|FIELD_ENCRYPTION_KEY=.*|FIELD_ENCRYPTION_KEY=$KYC_KEY_VAL|" .env
else
warn "openssl not found — .env copied but secrets are placeholders. Update them manually."
fi