SEC-C-01 gap: Security engineer's Wave 1 fix replaced Neon credentials in appsettings.json (19 files) but missed 4 appsettings.Development.json files that still pointed to cloud infrastructure with production credentials.

Changes per service:
- iam-service-net: DB→localhost, Redis→localhost (removed Velik@2026), Email SMTP→localhost:1025 (removed Mailgun password)
- membership-service-net: DB→localhost, Redis→localhost
- promotion-service-net: DB→localhost
- storage-service-net: DB→localhost, MinIO→localhost:9000 (removed Velik@2026), Redis→localhost

All four files now point exclusively to local Docker Compose services (postgres-local:5432, redis-local:6379, minio-local:9000). Production/staging credentials must be injected via environment variables.

CTO review finding: appsettings.Development.json must not contain cloud credentials. Local dev should always use docker-compose services.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
37 lines
1.1 KiB
JSON
{
"Logging": {
"LogLevel": {
"Default": "Debug",
"Microsoft.AspNetCore": "Information",
"Microsoft.EntityFrameworkCore.Database.Command": "Information"
}
},
"Serilog": {
"MinimumLevel": {
"Default": "Debug",
"Override": {
"Microsoft": "Information",
"Microsoft.EntityFrameworkCore.Database.Command": "Information",
"System": "Information"
}
}
},
"ConnectionStrings": {
"DefaultConnection": "Host=localhost;Database=membership_service;Username=goodgo;Password=goodgo-local-2024"
},
"Redis": {
"Host": "localhost",
"Port": 6379,
"Password": "",
"Database": 0,
"ConnectTimeout": 5000,
"SyncTimeout": 5000
},
"Jwt": {
"Secret": "goodgo-iam-service-secret-key-32chars!",
"Issuer": "goodgo-platform",
"Audience": "goodgo-services",
"AccessTokenExpiryMinutes": 15,
"RefreshTokenExpiryDays": 7
}
} |
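Review bot: `Jwt:Secret` is still a literal token-signing key committed to the repository, and this credential cleanup leaves it in place. Its value names iam-service while the file belongs to the membership service (per `Database=membership_service`), so it is presumably a symmetric key shared across services; if any non-development environment loads the same value, anyone with read access to the repository could sign tokens that environment accepts. I would replace it with a placeholder and supply the key through `dotnet user-secrets` or the `Jwt__Secret` environment variable. `Password=goodgo-local-2024` in `DefaultConnection` is a lesser case of the same pattern, acceptable only if that password exists nowhere but the local compose database. Separately, the credentials this commit removes remain in git history, so they need to be rotated at the provider rather than treated as remediated by the file change.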