From 9772fec30e3a8e79890588c9c6587d97d5ff31f2 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Brule Date: Sat, 8 Nov 2025 12:29:39 -0500 Subject: [PATCH] Add .env.example template and protect secrets from version control MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Improves security by preventing accidental commit of sensitive credentials to the repository. The .env file contains Langfuse API keys, database passwords, and encryption keys that should never be exposed in version control. ## Security Improvements **Added .env to .gitignore:** - Prevents .env file with real secrets from being committed - Protects Langfuse API keys (public/secret) - Protects database credentials - Protects NextAuth secrets and encryption keys **Created .env.example template:** - Safe template file for new developers to copy - Contains all required environment variables with placeholder values - Includes helpful comments for key generation (openssl commands) - Documents all configuration options **Updated Claude settings:** - Added git restore to allowed commands for workflow automation ## Setup Instructions for New Developers 1. Copy .env.example to .env: `cp .env.example .env` 2. Generate random secrets: - `openssl rand -base64 32` for NEXTAUTH_SECRET and SALT - `openssl rand -hex 32` for ENCRYPTION_KEY 3. Start Docker: `docker compose up -d` 4. Open Langfuse UI: http://localhost:3000 5. Create account, project, and copy API keys to .env 6. Restart API: `docker compose restart api` ## Files Changed - .gitignore: Added .env to ignore list - .env.example: New template file with placeholder values - .claude/settings.local.json: Added git restore to allowed commands 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .claude/settings.local.json | 3 ++- .env.example | 32 ++++++++++++++++++++++++++++++++ .gitignore | 3 +++ 3 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 .env.example diff --git a/.claude/settings.local.json b/.claude/settings.local.json index 81464b7..49b2afa 100644 --- a/.claude/settings.local.json +++ b/.claude/settings.local.json @@ -68,7 +68,8 @@ "Bash(chmod:*)", "Bash(/Users/jean-philippebrule/.dotnet/dotnet clean Svrnty.Sample/Svrnty.Sample.csproj)", "Bash(/Users/jean-philippebrule/.dotnet/dotnet build:*)", - "Bash(docker:*)" + "Bash(docker:*)", + "Bash(git restore:*)" ], "deny": [], "ask": [] diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..5bb1467 --- /dev/null +++ b/.env.example @@ -0,0 +1,32 @@ +# Langfuse API Keys (placeholder - will be generated after Langfuse UI setup) +# IMPORTANT: After running docker-compose up, go to http://localhost:3000 +# Create an account, create a project, and copy the API keys here +LANGFUSE_PUBLIC_KEY=pk-lf-placeholder-replace-after-setup +LANGFUSE_SECRET_KEY=sk-lf-placeholder-replace-after-setup + +# Langfuse Internal Configuration (auto-generated) +# Generate these using: openssl rand -base64 32 +NEXTAUTH_SECRET=REPLACE_WITH_RANDOM_SECRET +SALT=REPLACE_WITH_RANDOM_SALT +# Generate this using: openssl rand -hex 32 +ENCRYPTION_KEY=REPLACE_WITH_RANDOM_ENCRYPTION_KEY + +# Database Configuration +POSTGRES_USER=postgres +POSTGRES_PASSWORD=postgres +POSTGRES_DB=postgres + +# Connection Strings +CONNECTION_STRING_SVRNTY=Host=postgres;Database=svrnty;Username=postgres;Password=postgres;Include Error Detail=true +CONNECTION_STRING_LANGFUSE=postgresql://postgres:postgres@postgres:5432/langfuse + +# Ollama Configuration +OLLAMA_BASE_URL=http://ollama:11434 +OLLAMA_MODEL=qwen2.5-coder:7b + +# API Configuration +ASPNETCORE_ENVIRONMENT=Production +ASPNETCORE_URLS=http://+:6001;http://+:6000 + +# Langfuse Endpoint +LANGFUSE_OTLP_ENDPOINT=http://langfuse:3000/api/public/otel/v1/traces diff --git a/.gitignore b/.gitignore index eec2d35..2830746 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,9 @@ .research/ +# Environment variables with secrets +.env + # User-specific files *.rsuser *.suo