removing anything that remotely looks like a secret in code to set a good example

2020-09-18 17:38:52 -07:00
parent 531e5c0d00
commit c892cd5ae1
2 changed files with 34 additions and 7 deletions
--- a/docker/src/lemur.conf.py
+++ b/docker/src/lemur.conf.py
@ -1,4 +1,7 @@
 import os
+import random
+import string
+import base64
 from ast import literal_eval

 _basedir = os.path.abspath(os.path.dirname(__file__))
@ -6,10 +9,20 @@ _basedir = os.path.abspath(os.path.dirname(__file__))
 CORS = os.environ.get("CORS") == "True"
 debug = os.environ.get("DEBUG") == "True"

-SECRET_KEY = repr(os.environ.get('SECRET_KEY','Hrs8kCDNPuT9vtshsSWzlrYW+d+PrAXvg/HwbRE6M3vzSJTTrA/ZEw=='))

-LEMUR_TOKEN_SECRET = repr(os.environ.get('LEMUR_TOKEN_SECRET','YVKT6nNHnWRWk28Lra1OPxMvHTqg1ZXvAcO7bkVNSbrEuDQPABM0VQ=='))
-LEMUR_ENCRYPTION_KEYS = repr(os.environ.get('LEMUR_ENCRYPTION_KEYS','Ls-qg9j3EMFHyGB_NL0GcQLI6622n9pSyGM_Pu0GdCo='))
+def get_random_secret(length):
+    secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(length/4))
+    secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(length/4))
+    secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(length/4))
+    return secret_key + ''.join(random.choice(string.digits) for x in range(length/4))
+
+
+SECRET_KEY = repr(os.environ.get('SECRET_KEY', get_random_secret(32).encode('utf8')))
+
+LEMUR_TOKEN_SECRET = repr(os.environ.get('LEMUR_TOKEN_SECRET',
+                                         base64.b64encode(get_random_secret(32).encode('utf8'))))
+LEMUR_ENCRYPTION_KEYS = repr(os.environ.get('LEMUR_ENCRYPTION_KEYS',
+                                            base64.b64encode(get_random_secret(32).encode('utf8'))))

 LEMUR_WHITELISTED_DOMAINS = []