fix(security): remove external Redis/MinIO/SMTP credentials from base appsettings.json

SEC-C-01 extended gap: 3 base appsettings.json files still referenced external infrastructure (167.114.174.113) with Velik@2026 credentials and real SMTP password — missed by the Wave 1 security fix which targeted DB credentials only. Changes: - iam-service-net/appsettings.json: Redis localhost (removed Velik@2026), SMTP localhost:1025 (removed Mailgun credentials) - membership-service-net/appsettings.json: Redis localhost (removed Velik@2026) - storage-service-net/appsettings.json: MinIO→localhost:9000 minioadmin/minioadmin, Redis→localhost (removed Velik@2026) All production credentials (Redis, MinIO, SMTP) must be injected via environment variables. Base appsettings.json targets docker-compose local stack. CTO review finding: Redis__Password, MinIO:SecretKey, Email:SmtpPassword must never appear in committed config files. Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-23 09:54:59 +07:00
parent 7b92332710
commit 619a06fafe
3 changed files with 12 additions and 12 deletions
--- a/services/iam-service-net/src/IamService.API/appsettings.json
+++ b/services/iam-service-net/src/IamService.API/appsettings.json
@@ -33,9 +33,9 @@
        "DefaultConnection": "Host=localhost;Database=iam_service;Username=goodgo;Password=goodgo-local-2024"
    },
    "Redis": {
-        "Host": "167.114.174.113",
+        "Host": "localhost",
        "Port": 6379,
-        "Password": "Velik@2026",
+        "Password": "",
        "Database": 0,
        "ConnectTimeout": 5000,
        "SyncTimeout": 5000
@@ -48,10 +48,10 @@
        "RefreshTokenExpiryDays": 7
    },
    "Email": {
-        "SmtpServer": "smtp.mailgun.org",
-        "SmtpPort": 587,
-        "SmtpLogin": "admin@mail.goodgo.us",
-        "SmtpPassword": "a469e9333580ef5dbb141f01e33864ef-51afd2db-6c014754",
+        "SmtpServer": "localhost",
+        "SmtpPort": 1025,
+        "SmtpLogin": "",
+        "SmtpPassword": "",
        "SenderEmail": "verify@mail.goodgo.us",
        "SenderName": "GoodGo IAM Service",
        "BaseUrl": "http://localhost:5001"
--- a/services/membership-service-net/src/MembershipService.API/appsettings.json
+++ b/services/membership-service-net/src/MembershipService.API/appsettings.json
@@ -33,9 +33,9 @@
        "DefaultConnection": "Host=localhost;Database=membership_service;Username=goodgo;Password=goodgo-local-2024"
    },
    "Redis": {
-        "Host": "167.114.174.113",
+        "Host": "localhost",
        "Port": 6379,
-        "Password": "Velik@2026",
+        "Password": "",
        "Database": 0,
        "ConnectTimeout": 5000,
        "SyncTimeout": 5000
--- a/services/storage-service-net/src/StorageService.API/appsettings.json
+++ b/services/storage-service-net/src/StorageService.API/appsettings.json
@@ -38,9 +38,9 @@
        "PreSignedUrlExpirationSeconds": 3600,
        "MaxFileSizeBytes": 104857600,
        "MinIO": {
-            "Endpoint": "167.114.174.113:9000",
+            "Endpoint": "localhost:9000",
            "AccessKey": "minioadmin",
-            "SecretKey": "Velik@2026",
+            "SecretKey": "minioadmin",
            "UseSSL": false,
            "Region": "us-east-1"
        },
@@ -52,9 +52,9 @@
        }
    },
    "Redis": {
-        "Host": "167.114.174.113",
+        "Host": "localhost",
        "Port": 6379,
-        "Password": "Velik@2026",
+        "Password": "",
        "Database": 0,
        "ConnectTimeout": 5000,
        "SyncTimeout": 5000