Skip to content

Commit f89c1e8

Browse files
SimplicityGuyclaude
andcommitted
docs(config): document and wire OAUTH_ENCRYPTION_KEY and dashboard RabbitMQ credentials
- .env.example: add JWT_SECRET_KEY and OAUTH_ENCRYPTION_KEY to the production section with generation instructions; both were absent despite being required in production - docker-compose.prod.yml: pass OAUTH_ENCRYPTION_KEY to the api service (introduced in #76 but never wired into the prod overlay); wire RABBITMQ_MANAGEMENT_USER/PASSWORD to the dashboard service so it uses production RabbitMQ credentials instead of the dev defaults Refs #69 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent baf0ac3 commit f89c1e8

2 files changed

Lines changed: 15 additions & 1 deletion

File tree

.env.example

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,15 @@ DISCOGS_ROOT=/discogs-data
2828
# These are only used when running with the production overlay
2929
# CHANGE THESE VALUES FOR PRODUCTION!
3030

31+
# JWT Secret — shared by api, curator, explore services
32+
# Generate with: openssl rand -hex 32
33+
JWT_SECRET_KEY=CHANGE_ME_IN_PRODUCTION
34+
35+
# OAuth encryption key — Fernet symmetric key used to encrypt Discogs consumer keys and OAuth tokens at rest
36+
# Required in production; if unset, tokens are stored in plaintext
37+
# Generate with: python -c 'from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())'
38+
OAUTH_ENCRYPTION_KEY=CHANGE_ME_IN_PRODUCTION
39+
3140
# RabbitMQ Production
3241
RABBITMQ_USER=discogsography
3342
RABBITMQ_PASS=CHANGE_ME_IN_PRODUCTION

docker-compose.prod.yml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,8 @@
66
# Additional environment variables for production:
77
# - UID/GID: User/Group ID for container processes (default: 1000)
88
# - Memory limits: <SERVICE>_MEMORY_LIMIT (e.g., DASHBOARD_MEMORY_LIMIT)
9-
# - Database credentials: RABBITMQ_USER, POSTGRES_USER, NEO4J_USER, etc.
9+
# - Database credentials: RABBITMQ_USER, RABBITMQ_PASS, POSTGRES_USER, NEO4J_USER, etc.
10+
# - Secrets: JWT_SECRET_KEY, OAUTH_ENCRYPTION_KEY
1011

1112
services:
1213
rabbitmq:
@@ -35,6 +36,7 @@ services:
3536
restart: always
3637
environment:
3738
JWT_SECRET_KEY: ${JWT_SECRET_KEY}
39+
OAUTH_ENCRYPTION_KEY: ${OAUTH_ENCRYPTION_KEY}
3840
POSTGRES_USER: ${POSTGRES_USER}
3941
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
4042
deploy:
@@ -82,6 +84,9 @@ services:
8284

8385
dashboard:
8486
restart: always
87+
environment:
88+
RABBITMQ_MANAGEMENT_USER: ${RABBITMQ_USER}
89+
RABBITMQ_MANAGEMENT_PASSWORD: ${RABBITMQ_PASS}
8590
deploy:
8691
restart_policy:
8792
condition: any

0 commit comments

Comments
 (0)