fix(security): remove residual Neon/external credentials from appsettings.Development.json

SEC-C-01 gap: Security engineer's Wave 1 fix replaced Neon credentials in appsettings.json (19 files) but missed 4 appsettings.Development.json files that still pointed to cloud infrastructure with production credentials. Changes per service: - iam-service-net: DB→localhost, Redis→localhost (removed Velik@2026), Email SMTP→localhost:1025 (removed Mailgun password) - membership-service-net: DB→localhost, Redis→localhost - promotion-service-net: DB→localhost - storage-service-net: DB→localhost, MinIO→localhost:9000 (removed Velik@2026), Redis→localhost All four files now point exclusively to local Docker Compose services (postgres-local:5432, redis-local:6379, minio-local:9000). Production/staging credentials must be injected via environment variables. CTO review finding: appsettings.Development.json must not contain cloud credentials. Local dev should always use docker-compose services. Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-23 09:52:20 +07:00
parent af0461f233
commit dd57cff6b1
4 changed files with 17 additions and 17 deletions
--- a/services/iam-service-net/src/IamService.API/appsettings.Development.json
+++ b/services/iam-service-net/src/IamService.API/appsettings.Development.json
@@ -30,15 +30,15 @@
        ]
    },
    "ConnectionStrings": {
-        "DefaultConnection": "Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=iam_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require"
+        "DefaultConnection": "Host=localhost;Database=iam_service;Username=goodgo;Password=goodgo-local-2024"
    },
    "IdentityServer": {
        "Authority": "http://localhost:5001"
    },
    "Redis": {
-        "Host": "167.114.174.113",
+        "Host": "localhost",
        "Port": 6379,
-        "Password": "Velik@2026",
+        "Password": "",
        "Database": 0,
        "ConnectTimeout": 5000,
        "SyncTimeout": 5000
@@ -51,12 +51,12 @@
        "RefreshTokenExpiryDays": 7
    },
    "Email": {
-        "SmtpServer": "smtp.mailgun.org",
-        "SmtpPort": 587,
-        "SmtpLogin": "admin@mail.goodgo.us",
-        "SmtpPassword": "a469e9333580ef5dbb141f01e33864ef-51afd2db-6c014754",
+        "SmtpServer": "localhost",
+        "SmtpPort": 1025,
+        "SmtpLogin": "",
+        "SmtpPassword": "",
        "SenderEmail": "verify@mail.goodgo.us",
-        "SenderName": "GoodGo IAM Service",
+        "SenderName": "GoodGo IAM Service (Dev)",
        "BaseUrl": "http://localhost:5001"
    },
    "TwoFactor": {
--- a/services/membership-service-net/src/MembershipService.API/appsettings.Development.json
+++ b/services/membership-service-net/src/MembershipService.API/appsettings.Development.json
@@ -17,12 +17,12 @@
        }
    },
    "ConnectionStrings": {
-        "DefaultConnection": "Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=membership_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require"
+        "DefaultConnection": "Host=localhost;Database=membership_service;Username=goodgo;Password=goodgo-local-2024"
    },
    "Redis": {
-        "Host": "167.114.174.113",
+        "Host": "localhost",
        "Port": 6379,
-        "Password": "Velik@2026",
+        "Password": "",
        "Database": 0,
        "ConnectTimeout": 5000,
        "SyncTimeout": 5000
--- a/services/promotion-service-net/src/PromotionService.API/appsettings.Development.json
+++ b/services/promotion-service-net/src/PromotionService.API/appsettings.Development.json
@@ -17,7 +17,7 @@
        }
    },
    "ConnectionStrings": {
-        "DefaultConnection": "Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=promotion_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require"
+        "DefaultConnection": "Host=localhost;Database=promotion_service;Username=goodgo;Password=goodgo-local-2024"
    },
    "WalletService": {
        "BaseUrl": "http://localhost:5003",
--- a/services/storage-service-net/src/StorageService.API/appsettings.Development.json
+++ b/services/storage-service-net/src/StorageService.API/appsettings.Development.json
@@ -31,7 +31,7 @@
    },
    "AllowedHosts": "*",
    "ConnectionStrings": {
-        "DefaultConnection": "Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=storage_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require"
+        "DefaultConnection": "Host=localhost;Database=storage_service;Username=goodgo;Password=goodgo-local-2024"
    },
    "Storage": {
        "Provider": "minio",
@@ -39,9 +39,9 @@
        "PreSignedUrlExpirationSeconds": 3600,
        "MaxFileSizeBytes": 104857600,
        "MinIO": {
-            "Endpoint": "167.114.174.113:9000",
+            "Endpoint": "localhost:9000",
            "AccessKey": "minioadmin",
-            "SecretKey": "Velik@2026",
+            "SecretKey": "minioadmin",
            "UseSSL": false,
            "Region": "us-east-1"
        },
@@ -60,9 +60,9 @@
        "HealthCheckCacheDurationSeconds": 60
    },
    "Redis": {
-        "Host": "167.114.174.113",
+        "Host": "localhost",
        "Port": 6379,
-        "Password": "Velik@2026",
+        "Password": "",
        "Database": 0,
        "ConnectTimeout": 5000,
        "SyncTimeout": 5000