security: убираем google-sa.json из репо и Docker image
Some checks failed
Deploy / deploy (push) Has been cancelled
Some checks failed
Deploy / deploy (push) Has been cancelled
Service Account ключ больше не распространяется через git/image — читается из env GOOGLE_SA_JSON, которая выставлена в /opt/digital-home/ tablet.env на сервере. - google-sa.json удалён из git tracking (git rm --cached) - Добавлен в .gitignore + .dockerignore - На сервере после git pull файл будет удалён с диска; /api/calendar читает credentials из env (env-first fallback уже был в коде). Это критично если bundle/image куда-то утечёт — ключ Google больше не лежит внутри.
This commit is contained in:
Cosmo
@@ -1,13 +0,0 @@
|
||||
{
|
||||
"type": "service_account",
|
||||
"project_id": "cosmo-486412",
|
||||
"private_key_id": "97159754f1652d3231d5cc9381760da69796b7f1",
|
||||
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCl6SmxATP8+lPG\ncAMg1FgchlSSx26ESpZXJMXpxtFGSKy7MVjLU43OJEa9MW/ZjLpn6fuHtsGTe12U\neDlltKdsrCuLq5InTvYCTfNKGUUm4RkquQa5sLmKTIWS0VObIyvCE2mtQz+q6vlE\nu9fs4rrJguquG7fOfLfodaJ4vEeR7daDdpohWG5NXNBgfc2wWVzoHMBsVMmj7lmY\n3CnUvzFiIfr1Nlp2x/x82eIb4zw3dpc89W5X+rCkseMV1Tup90XFAxzVEM+F7loQ\nAjnsaxaZJ3cqo/eo0kMOdmMJEyreXFIPkH4OZfjq7EyNrbtd0sMv19ghZh1j8wwy\nKf6CqnuDAgMBAAECggEABW5cePQ8xV4wKgQEQHwVTyyX+7pa2wXtwUE/1+TrCrkH\nmV39Y31npVKrZdv0XZhEP98CeRpZqbujCTv4R+TUQWGq4maFxcnJbbMrZ5kQmhdu\nuouD41hlTep3ycaETTK5ncRMNDwA+Qze0IDWieVHBjKztY86TA4y+rhQzuNrhcls\n8bmJrnT7jeCvMKQqbhnulG89JGh4r6pFfAKMCn3dJOu5ATaTY0xNLG2H9h41doKx\nwKBm/4T3HJTtIuAPdwKxzf96QuSIl1WfvomYIz4Lpb8DGqEMqMtvIH7G0LNj00dU\nn0us6yqevLGbVqF+0P0ndtJxvPzqoSkfhTebnM8Z6QKBgQDQr6Ty/Ej0/Y8pr7MS\nL4VqEa85W4nvAuSr9NPo+bSxTRNbZnXlhBsVeYedXrfBQrsSDuigeRG31kTmwxfD\nUaEFA7134J68OZGD/rhCzjBxzRpVi7YgOXz0PxkgXlZvqLf4YZmbAF73sRYCxcJj\nw938dSieDTCYWwAvr6a840HCqQKBgQDLhsuUEe5xxKXHd390MLUda1pkV0AOcYiS\n3oqjWOijQic43fEHMLYrs4A/lOBjWqdJ1fn2DQJHfRl7RvaAi2yUqWyMWtPVAhBs\nUvsckFOuepu6fO2RhxF4lUNqH9mFKw3sn/EmlDKsUAQ5tijLKdNyaQHam6cfV3qG\nCsLGoa9USwKBgQCxy7PhQYh3EkCS55rNd6dXQ1HisFbIR9LDnoedCoIkPOKtEJKJ\nxQ++MBiWv0gXY98193XCouOxmOCDKtxoEHf7acBXDgyvmOydZLtgT4N+sZwqHipB\nMjl/bvLdXQKPh1OWTrEsGhjPNxTlr896aDoNCVRdtCce5wk1l5WbgJNaYQKBgH54\n7Aa+QdL2pSHXcx8rqVB3xnr18PtIt9q0aahp9l6FHERtPnr+XSW47KgWBn4W9j+e\ntS6eFN2BspT1mvZ0LWwQAEETq/EA0F3QDvVIBog07pKrUSGOsl+hOXw4AH6NK6Dw\nHvWfQAHt00JdnOnquteswxcqhGaogJ3NEA5IqOATAoGBAMoXSmrSxn2YDmlYIxI7\nskML3wEHZWezTpwMiTTqCSgF2bJVHeXNYpupJjh6t95gMmqtdC7Ulg/UGbgYX7Fi\nicompJeZgBmcorcgcxWk9umBK8F8sMwHDEO70RiYHOv6MdEcwy0Ev5hTl1WG44g4\nyOcojdbhrK0Ji9lNa0BZjz1H\n-----END PRIVATE KEY-----\n",
|
||||
"client_email": "homedashboard@cosmo-486412.iam.gserviceaccount.com",
|
||||
"client_id": "115741671545733594404",
|
||||
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
|
||||
"token_uri": "https://oauth2.googleapis.com/token",
|
||||
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
|
||||
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/homedashboard%40cosmo-486412.iam.gserviceaccount.com",
|
||||
"universe_domain": "googleapis.com"
|
||||
}
|
||||
Reference in New Issue
Block a user