mirror of
https://github.com/Zie619/n8n-workflows.git
synced 2025-11-24 19:12:59 +08:00
7585cbd852
CRITICAL SECURITY FIXES: - Replaced hardcoded SECRET_KEY with environment variable (JWT_SECRET_KEY) - Replaced hardcoded admin password with environment variable (ADMIN_PASSWORD) - Auto-generate secure random values when environment variables not set - Added .env.example file with configuration template - Updated .gitignore to exclude all .env files These changes address the critical security vulnerabilities flagged by Trivy
23 lines
657 B
Plaintext
23 lines
657 B
Plaintext
# Environment Variables for n8n-workflows
|
|
# Copy this file to .env and configure with your own values
|
|
|
|
# Security Configuration
|
|
JWT_SECRET_KEY=your-secret-jwt-key-change-this-in-production
|
|
ADMIN_PASSWORD=your-secure-admin-password-change-this
|
|
|
|
# API Configuration
|
|
ADMIN_TOKEN=your-admin-api-token-for-protected-endpoints
|
|
|
|
# Database Configuration (optional)
|
|
WORKFLOW_DB_PATH=database/workflows.db
|
|
|
|
# Server Configuration (optional)
|
|
HOST=127.0.0.1
|
|
PORT=8000
|
|
|
|
# CORS Origins (optional, comma-separated)
|
|
ALLOWED_ORIGINS=http://localhost:3000,http://localhost:8080,https://zie619.github.io
|
|
|
|
# Rate Limiting (optional)
|
|
RATE_LIMIT_REQUESTS=60
|
|
RATE_LIMIT_WINDOW=60 |