From 619a06fafe7cc4b7897565cc140902cf255fad4e Mon Sep 17 00:00:00 2001
From: Ho Ngoc Hai
Date: Mon, 23 Mar 2026 09:54:59 +0700
Subject: [PATCH] fix(security): remove external Redis/MinIO/SMTP credentials from base appsettings.json
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

SEC-C-01 extended gap: 3 base appsettings.json files still referenced external infrastructure (167.114.174.113) with Velik@2026 credentials and real SMTP password — missed by the Wave 1 security fix which targeted DB credentials only.
Changes:
- iam-service-net/appsettings.json: Redis localhost (removed Velik@2026), SMTP localhost:1025 (removed Mailgun credentials)
- membership-service-net/appsettings.json: Redis localhost (removed Velik@2026)
- storage-service-net/appsettings.json: MinIO→localhost:9000 minioadmin/minioadmin, Redis→localhost (removed Velik@2026)
All production credentials (Redis, MinIO, SMTP) must be injected via environment variables. Base appsettings.json targets docker-compose local stack.
CTO review finding: Redis__Password, MinIO:SecretKey, Email:SmtpPassword must never appear in committed config files.
Co-Authored-By: Paperclip
---
 .../src/IamService.API/appsettings.json | 12 ++++++------
 .../src/MembershipService.API/appsettings.json | 4 ++--
 .../src/StorageService.API/appsettings.json | 8 ++++----
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/services/iam-service-net/src/IamService.API/appsettings.json b/services/iam-service-net/src/IamService.API/appsettings.json
index 94959fba..5e5686e8 100644
--- a/services/iam-service-net/src/IamService.API/appsettings.json
+++ b/services/iam-service-net/src/IamService.API/appsettings.json
@@ -33,9 +33,9 @@
 "DefaultConnection": "Host=localhost;Database=iam_service;Username=goodgo;Password=goodgo-local-2024"
 },
 "Redis": {
- "Host": "167.114.174.113",
+ "Host": "localhost",
 "Port": 6379,
- "Password": "Velik@2026",
+ "Password": "",
 "Database": 0,
 "ConnectTimeout": 5000,
 "SyncTimeout": 5000
@@ -48,10 +48,10 @@
 "RefreshTokenExpiryDays": 7
 },
 "Email": {
- "SmtpServer": "smtp.mailgun.org",
- "SmtpPort": 587,
- "SmtpLogin": "admin@mail.goodgo.us",
- "SmtpPassword": "a469e9333580ef5dbb141f01e33864ef-51afd2db-6c014754",
+ "SmtpServer": "localhost",
+ "SmtpPort": 1025,
+ "SmtpLogin": "",
+ "SmtpPassword": "",
 "SenderEmail": "verify@mail.goodgo.us",
 "SenderName": "GoodGo IAM Service",
 "BaseUrl": "http://localhost:5001"
diff --git a/services/membership-service-net/src/MembershipService.API/appsettings.json b/services/membership-service-net/src/MembershipService.API/appsettings.json
index bd5e844e..8a146609 100644
--- a/services/membership-service-net/src/MembershipService.API/appsettings.json
+++ b/services/membership-service-net/src/MembershipService.API/appsettings.json
@@ -33,9 +33,9 @@
 "DefaultConnection": "Host=localhost;Database=membership_service;Username=goodgo;Password=goodgo-local-2024"
 },
 "Redis": {
- "Host": "167.114.174.113",
+ "Host": "localhost",
 "Port": 6379,
- "Password": "Velik@2026",
+ "Password": "",
 "Database": 0,
 "ConnectTimeout": 5000,
 "SyncTimeout": 5000
diff --git a/services/storage-service-net/src/StorageService.API/appsettings.json b/services/storage-service-net/src/StorageService.API/appsettings.json
index 799b7d17..f7a545bd 100644
--- a/services/storage-service-net/src/StorageService.API/appsettings.json
+++ b/services/storage-service-net/src/StorageService.API/appsettings.json
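Review bot: In the `Redis` block of IamService.API/appsettings.json (hunk `@@ -33,9 +33,9 @@`) the new `"Host": "localhost"` and `"Password": ""` are still well-formed values, so a production deployment that misses the `Redis__Password` override would presumably start and attempt an unauthenticated connection rather than fail. Because the base file is read in every environment by default, consider dropping the `"Password"` key from the base file, keeping the local-stack values in `appsettings.Development.json`, and rejecting a missing value at startup outside Development. The same applies to the identical Redis hunks in MembershipService.API and in StorageService.API (`@@ -52,9 +52,9 @@`). Separately, the removed Redis, MinIO and SMTP secrets stay readable in history and in this commit's own message and removed lines, so they need rotating at the provider; nothing on this page says that was done.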
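Review bot: The `Email` block in IamService.API/appsettings.json (hunk `@@ -48,10 +48,10 @@`) now needs four production overrides, `SmtpServer`, `SmtpPort`, `SmtpLogin` and `SmtpPassword`, but the commit message names only `Email:SmtpPassword`. A deployment that injects just the password would, as far as this hunk shows, hand mail to `localhost:1025` with an empty login. Document the full set beside the deployment config, `Email__SmtpServer`, `Email__SmtpPort`, `Email__SmtpLogin`, `Email__SmtpPassword`, and treat an empty `SmtpServer` or `SmtpLogin` outside Development as a startup error.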
@@ -38,9 +38,9 @@
 "PreSignedUrlExpirationSeconds": 3600,
 "MaxFileSizeBytes": 104857600,
 "MinIO": {
- "Endpoint": "167.114.174.113:9000",
+ "Endpoint": "localhost:9000",
 "AccessKey": "minioadmin",
- "SecretKey": "Velik@2026",
+ "SecretKey": "minioadmin",
 "UseSSL": false,
 "Region": "us-east-1"
 },
@@ -52,9 +52,9 @@
 }
 },
 "Redis": {
- "Host": "167.114.174.113",
+ "Host": "localhost",
 "Port": 6379,
- "Password": "Velik@2026",
+ "Password": "",
 "Database": 0,
 "ConnectTimeout": 5000,
 "SyncTimeout": 5000
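Review bot: `"SecretKey": "minioadmin"` in the `MinIO` block of StorageService.API/appsettings.json (hunk `@@ -38,9 +38,9 @@`) still commits a secret value, which contradicts the commit message's rule that `MinIO:SecretKey` must never appear in committed config. It is also inconsistent with the Redis and SMTP entries, which this commit blanks to `""`. `minioadmin`/`minioadmin` is MinIO's well-known default pair and `"UseSSL": false` is unchanged, so a deployment that misses the overrides would fall back to default credentials over an unencrypted connection. Suggest `"AccessKey": ""` and `"SecretKey": ""` in the base file, with the local-stack pair supplied by the docker-compose environment or `appsettings.Development.json`.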