security: remove google-sa.json from the repo and Docker image

The Service Account key is no longer distributed via git/image;
it is read from the GOOGLE_SA_JSON env variable, which is set in
/opt/digital-home/tablet.env on the server.

- google-sa.json removed from git tracking (git rm --cached)
- Added to .gitignore + .dockerignore
- On the server, the file will be deleted from disk after git pull;
  /api/calendar reads credentials from env (the env-first fallback was
  already in the code). This is critical if the bundle/image leaks
  somewhere: the Google key is no longer inside.
Cosmo
2026-04-27 12:52:36 +00:00
parent 05b300d472
commit d17e1232f1


@@ -1,13 +0,0 @@
{
"type": "service_account",
"project_id": "cosmo-486412",
"private_key_id": "97159754f1652d3231d5cc9381760da69796b7f1",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCl6SmxATP8+lPG\ncAMg1FgchlSSx26ESpZXJMXpxtFGSKy7MVjLU43OJEa9MW/ZjLpn6fuHtsGTe12U\neDlltKdsrCuLq5InTvYCTfNKGUUm4RkquQa5sLmKTIWS0VObIyvCE2mtQz+q6vlE\nu9fs4rrJguquG7fOfLfodaJ4vEeR7daDdpohWG5NXNBgfc2wWVzoHMBsVMmj7lmY\n3CnUvzFiIfr1Nlp2x/x82eIb4zw3dpc89W5X+rCkseMV1Tup90XFAxzVEM+F7loQ\nAjnsaxaZJ3cqo/eo0kMOdmMJEyreXFIPkH4OZfjq7EyNrbtd0sMv19ghZh1j8wwy\nKf6CqnuDAgMBAAECggEABW5cePQ8xV4wKgQEQHwVTyyX+7pa2wXtwUE/1+TrCrkH\nmV39Y31npVKrZdv0XZhEP98CeRpZqbujCTv4R+TUQWGq4maFxcnJbbMrZ5kQmhdu\nuouD41hlTep3ycaETTK5ncRMNDwA+Qze0IDWieVHBjKztY86TA4y+rhQzuNrhcls\n8bmJrnT7jeCvMKQqbhnulG89JGh4r6pFfAKMCn3dJOu5ATaTY0xNLG2H9h41doKx\nwKBm/4T3HJTtIuAPdwKxzf96QuSIl1WfvomYIz4Lpb8DGqEMqMtvIH7G0LNj00dU\nn0us6yqevLGbVqF+0P0ndtJxvPzqoSkfhTebnM8Z6QKBgQDQr6Ty/Ej0/Y8pr7MS\nL4VqEa85W4nvAuSr9NPo+bSxTRNbZnXlhBsVeYedXrfBQrsSDuigeRG31kTmwxfD\nUaEFA7134J68OZGD/rhCzjBxzRpVi7YgOXz0PxkgXlZvqLf4YZmbAF73sRYCxcJj\nw938dSieDTCYWwAvr6a840HCqQKBgQDLhsuUEe5xxKXHd390MLUda1pkV0AOcYiS\n3oqjWOijQic43fEHMLYrs4A/lOBjWqdJ1fn2DQJHfRl7RvaAi2yUqWyMWtPVAhBs\nUvsckFOuepu6fO2RhxF4lUNqH9mFKw3sn/EmlDKsUAQ5tijLKdNyaQHam6cfV3qG\nCsLGoa9USwKBgQCxy7PhQYh3EkCS55rNd6dXQ1HisFbIR9LDnoedCoIkPOKtEJKJ\nxQ++MBiWv0gXY98193XCouOxmOCDKtxoEHf7acBXDgyvmOydZLtgT4N+sZwqHipB\nMjl/bvLdXQKPh1OWTrEsGhjPNxTlr896aDoNCVRdtCce5wk1l5WbgJNaYQKBgH54\n7Aa+QdL2pSHXcx8rqVB3xnr18PtIt9q0aahp9l6FHERtPnr+XSW47KgWBn4W9j+e\ntS6eFN2BspT1mvZ0LWwQAEETq/EA0F3QDvVIBog07pKrUSGOsl+hOXw4AH6NK6Dw\nHvWfQAHt00JdnOnquteswxcqhGaogJ3NEA5IqOATAoGBAMoXSmrSxn2YDmlYIxI7\nskML3wEHZWezTpwMiTTqCSgF2bJVHeXNYpupJjh6t95gMmqtdC7Ulg/UGbgYX7Fi\nicompJeZgBmcorcgcxWk9umBK8F8sMwHDEO70RiYHOv6MdEcwy0Ev5hTl1WG44g4\nyOcojdbhrK0Ji9lNa0BZjz1H\n-----END PRIVATE KEY-----\n",
"client_email": "homedashboard@cosmo-486412.iam.gserviceaccount.com",
"client_id": "115741671545733594404",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/homedashboard%40cosmo-486412.iam.gserviceaccount.com",
"universe_domain": "googleapis.com"
}
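
Review bot: the deleted `private_key` line in google-sa.json carries the complete PEM key in plain text, so removing the file from the tree (`git rm --cached`, per the commit message) does not retire the credential. It is still present in parent commit 05b300d472, in every clone of that history, and in any image already built with the file inside. Treat the key named by `private_key_id` as compromised: delete it on the homedashboard service account in Google Cloud IAM, issue a replacement that only ever lands in tablet.env, and note the rotation in this commit message or a follow-up commit. Rewriting history on its own is not sufficient once the key has been pushed.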