Replace the sample string in a secret with a more obviously safe value

Open obulat opened this issue 1 year ago • 2 comments

Description

The local Plausible setup uses a (probably default) SECRET_KEY_BASE. This is not a problem because we don't use this key in production, but to prevent false security flagging, we should replace the value with a safe-looking one.

Solution

Replace the current value MN00EYOjQegVd5Z2NkMoSk3o1cklN/37YINtjYtM3yxsoXUhRNnvgWu3pgnEibKR126HmlGeHu7KHpPaYj/Awg== with "local_secret_key_base":

https://github.com/WordPress/openverse/blob/b55d6d521ee71b717f73ccf225b1de3bf35e5df9/docker/plausible/env.docker#L2

obulat avatar Apr 29 '24 04:04 obulat
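
Why a scanner would flag the current value but not the proposed one, as an added example that is not part of the issue or of Openverse's code: it applies a Shannon-entropy heuristic of the kind secret scanners commonly use. The threshold, minimum length, function names and sample env text are assumptions made for this illustration.

```python
import math
import re
from collections import Counter

# Constructed sample in env-file syntax: the value quoted in the issue and
# the replacement it proposes. This is not a copy of the project's env.docker.
SAMPLE_ENV = """\
# constructed sample for the entropy check
SECRET_KEY_BASE=MN00EYOjQegVd5Z2NkMoSk3o1cklN/37YINtjYtM3yxsoXUhRNnvgWu3pgnEibKR126HmlGeHu7KHpPaYj/Awg==
SECRET_KEY_BASE=local_secret_key_base
"""

MIN_LENGTH = 20   # assumed: shorter values are not scored
THRESHOLD = 4.5   # assumed: bits per character cut-off for base64-like text

ASSIGNMENT = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")


def shannon_entropy(value):
    """Empirical Shannon entropy of a non-empty string, in bits per character."""
    counts = Counter(value)
    total = len(value)
    return -sum(n / total * math.log2(n / total) for n in counts.values())


def flag_values(env_text, threshold=THRESHOLD, min_length=MIN_LENGTH):
    """Return (line number, key, entropy) for values that look like real secrets."""
    findings = []
    for lineno, line in enumerate(env_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # comment line
        match = ASSIGNMENT.match(line)
        if not match:
            continue  # not a KEY=value assignment
        key, value = match.group(1), match.group(2).strip("\"'")
        if len(value) < min_length:
            continue  # too short to score meaningfully (also skips empty values)
        entropy = shannon_entropy(value)
        if entropy > threshold:
            findings.append((lineno, key, round(entropy, 2)))
    return findings


if __name__ == "__main__":
    for lineno, key, entropy in flag_values(SAMPLE_ENV):
        print(f"line {lineno}: {key} looks like a secret ({entropy} bits/char)")
```
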

Also noting here that changing the secret key will necessitate updating the usage of this key to generate the API token.

https://github.com/WordPress/openverse/blob/b55d6d521ee71b717f73ccf225b1de3bf35e5df9/setup_plausible.sh#L13

dhruvkb avatar Apr 29 '24 14:04 dhruvkb

Hi @obulat I'd like to take on this

madewithkode avatar May 04 '24 14:05 madewithkode

Sure, @madewithkode, I've assigned the issue to you.

obulat avatar May 07 '24 12:05 obulat