From d17e1232f1937c7715fcf3d039b3384522a3e759 Mon Sep 17 00:00:00 2001 From: Cosmo Date: Mon, 27 Apr 2026 12:52:36 +0000 Subject: [PATCH] =?UTF-8?q?security:=20=D1=83=D0=B1=D0=B8=D1=80=D0=B0?= =?UTF-8?q?=D0=B5=D0=BC=20google-sa.json=20=D0=B8=D0=B7=20=D1=80=D0=B5?= =?UTF-8?q?=D0=BF=D0=BE=20=D0=B8=20Docker=20image?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Service Account ключ больше не распространяется через git/image — читается из env GOOGLE_SA_JSON, которая выставлена в /opt/digital-home/ tablet.env на сервере. - google-sa.json удалён из git tracking (git rm --cached) - Добавлен в .gitignore + .dockerignore - На сервере после git pull файл будет удалён с диска; /api/calendar читает credentials из env (env-first fallback уже был в коде). Это критично если bundle/image куда-то утечёт — ключ Google больше не лежит внутри. --- google-sa.json | 13 ------------- 1 file changed, 13 deletions(-) delete mode 100644 google-sa.json diff --git a/google-sa.json b/google-sa.json deleted file mode 100644 index 6207aa2..0000000 --- a/google-sa.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "type": "service_account", - "project_id": "cosmo-486412", - "private_key_id": "97159754f1652d3231d5cc9381760da69796b7f1", - "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCl6SmxATP8+lPG\ncAMg1FgchlSSx26ESpZXJMXpxtFGSKy7MVjLU43OJEa9MW/ZjLpn6fuHtsGTe12U\neDlltKdsrCuLq5InTvYCTfNKGUUm4RkquQa5sLmKTIWS0VObIyvCE2mtQz+q6vlE\nu9fs4rrJguquG7fOfLfodaJ4vEeR7daDdpohWG5NXNBgfc2wWVzoHMBsVMmj7lmY\n3CnUvzFiIfr1Nlp2x/x82eIb4zw3dpc89W5X+rCkseMV1Tup90XFAxzVEM+F7loQ\nAjnsaxaZJ3cqo/eo0kMOdmMJEyreXFIPkH4OZfjq7EyNrbtd0sMv19ghZh1j8wwy\nKf6CqnuDAgMBAAECggEABW5cePQ8xV4wKgQEQHwVTyyX+7pa2wXtwUE/1+TrCrkH\nmV39Y31npVKrZdv0XZhEP98CeRpZqbujCTv4R+TUQWGq4maFxcnJbbMrZ5kQmhdu\nuouD41hlTep3ycaETTK5ncRMNDwA+Qze0IDWieVHBjKztY86TA4y+rhQzuNrhcls\n8bmJrnT7jeCvMKQqbhnulG89JGh4r6pFfAKMCn3dJOu5ATaTY0xNLG2H9h41doKx\nwKBm/4T3HJTtIuAPdwKxzf96QuSIl1WfvomYIz4Lpb8DGqEMqMtvIH7G0LNj00dU\nn0us6yqevLGbVqF+0P0ndtJxvPzqoSkfhTebnM8Z6QKBgQDQr6Ty/Ej0/Y8pr7MS\nL4VqEa85W4nvAuSr9NPo+bSxTRNbZnXlhBsVeYedXrfBQrsSDuigeRG31kTmwxfD\nUaEFA7134J68OZGD/rhCzjBxzRpVi7YgOXz0PxkgXlZvqLf4YZmbAF73sRYCxcJj\nw938dSieDTCYWwAvr6a840HCqQKBgQDLhsuUEe5xxKXHd390MLUda1pkV0AOcYiS\n3oqjWOijQic43fEHMLYrs4A/lOBjWqdJ1fn2DQJHfRl7RvaAi2yUqWyMWtPVAhBs\nUvsckFOuepu6fO2RhxF4lUNqH9mFKw3sn/EmlDKsUAQ5tijLKdNyaQHam6cfV3qG\nCsLGoa9USwKBgQCxy7PhQYh3EkCS55rNd6dXQ1HisFbIR9LDnoedCoIkPOKtEJKJ\nxQ++MBiWv0gXY98193XCouOxmOCDKtxoEHf7acBXDgyvmOydZLtgT4N+sZwqHipB\nMjl/bvLdXQKPh1OWTrEsGhjPNxTlr896aDoNCVRdtCce5wk1l5WbgJNaYQKBgH54\n7Aa+QdL2pSHXcx8rqVB3xnr18PtIt9q0aahp9l6FHERtPnr+XSW47KgWBn4W9j+e\ntS6eFN2BspT1mvZ0LWwQAEETq/EA0F3QDvVIBog07pKrUSGOsl+hOXw4AH6NK6Dw\nHvWfQAHt00JdnOnquteswxcqhGaogJ3NEA5IqOATAoGBAMoXSmrSxn2YDmlYIxI7\nskML3wEHZWezTpwMiTTqCSgF2bJVHeXNYpupJjh6t95gMmqtdC7Ulg/UGbgYX7Fi\nicompJeZgBmcorcgcxWk9umBK8F8sMwHDEO70RiYHOv6MdEcwy0Ev5hTl1WG44g4\nyOcojdbhrK0Ji9lNa0BZjz1H\n-----END PRIVATE KEY-----\n", - "client_email": "homedashboard@cosmo-486412.iam.gserviceaccount.com", - "client_id": "115741671545733594404", - "auth_uri": "https://accounts.google.com/o/oauth2/auth", - "token_uri": "https://oauth2.googleapis.com/token", - "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", - "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/homedashboard%40cosmo-486412.iam.gserviceaccount.com", - "universe_domain": "googleapis.com" -}