From ab2a6176006854902e4d4a50efd7b367610ca740 Mon Sep 17 00:00:00 2001 From: Natalia Portillo Date: Sat, 4 Jul 2026 14:46:39 +0100 Subject: [PATCH] Remove hardcoded secrets from appsettings.json JWT signing key and database connection string were committed in plaintext. Both are now empty placeholders; real values live in .NET User Secrets (dev) and must be supplied via environment variables or a secrets manager in production. --- Marechai.Server/appsettings.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Marechai.Server/appsettings.json b/Marechai.Server/appsettings.json index 5038f44c..1d6ee7c9 100644 --- a/Marechai.Server/appsettings.json +++ b/Marechai.Server/appsettings.json @@ -1,6 +1,6 @@ { "ConnectionStrings": { - "DefaultConnection": "server=mariadb-dev.claunia.com;port=3306;user=marechai;password=marechaipass;database=marechai;TreatTinyAsBoolean=false" + "DefaultConnection": "" }, "Logging": { "LogLevel": { @@ -67,7 +67,7 @@ } ], "Jwt": { - "Key": "!SomethingSecret!!SomethingSecret!!SomethingSecret!!SomethingSecret!", + "Key": "", "Issuer": "apiWithAuthBackend", "Audience": "apiWithAuthBackend" },