Compare commits
3 Commits
7c7370860a
...
purge/guar
| Author | SHA1 | Date | |
|---|---|---|---|
| 25c6cb705d | |||
| fad93b04d6 | |||
| 20ce45717a |
@@ -25,7 +25,7 @@ config :arcadia_cloud, ArcadiaCloudWeb.Endpoint,
|
||||
# Guardian — must match arcadia-core's Arcadia.Guardian dev secret_key
|
||||
# (shared verbatim with arcadia-social and arcadia-voice).
|
||||
config :arcadia_cloud, ArcadiaCloud.Guardian,
|
||||
secret_key: "DuMkIRN3Qcxk8VqOu8nHj5i7a7a7YgBHF4oXqKwDI4A="
|
||||
secret_key: "dev-only-guardian-secret-not-for-production-aaaaaaaaaaaaaaaa="
|
||||
|
||||
# skyai-finance push — service-to-service identity for cloud invoice push.
|
||||
# tenant_id="platform-admin" lands invoices in the platform's own books;
|
||||
|
||||
@@ -23,6 +23,18 @@ end
|
||||
config :arcadia_cloud, ArcadiaCloudWeb.Endpoint,
|
||||
http: [port: String.to_integer(System.get_env("PORT", "4005"))]
|
||||
|
||||
# Guardian shared secret — arcadia-cloud only *verifies* arcadia-core-issued
|
||||
# JWTs, so this MUST match arcadia-core's Arcadia.Guardian secret or every
|
||||
# authed route 401s. Without it Guardian cannot verify at all. Prod supplies
|
||||
# GUARDIAN_SECRET_KEY (raise if missing); dev/test use the pinned shared secret.
|
||||
config :arcadia_cloud, ArcadiaCloud.Guardian,
|
||||
secret_key:
|
||||
System.get_env("GUARDIAN_SECRET_KEY") ||
|
||||
if(config_env() == :prod,
|
||||
do: raise("environment variable GUARDIAN_SECRET_KEY is missing"),
|
||||
else: "dev-only-guardian-secret-not-for-production-aaaaaaaaaaaaaaaa="
|
||||
)
|
||||
|
||||
if config_env() == :prod do
|
||||
database_url =
|
||||
System.get_env("DATABASE_URL") ||
|
||||
|
||||
Reference in New Issue
Block a user