zie619 7585cbd852 fix: Remove hardcoded secrets to pass Trivy security scan ...

CRITICAL SECURITY FIXES:
- Replaced hardcoded SECRET_KEY with environment variable (JWT_SECRET_KEY)
- Replaced hardcoded admin password with environment variable (ADMIN_PASSWORD)
- Auto-generate secure random values when environment variables not set
- Added .env.example file with configuration template
- Updated .gitignore to exclude all .env files

These changes address the critical security vulnerabilities flagged by Trivy

2025-11-03 12:18:45 +02:00

657 B

Raw Permalink Blame History

View Raw