security: remove hardcoded auth token from committed .env.test
The file contained a publicly known LOCAL_AUTH_TOKEN value that could be used against misconfigured deployments. Replace with an empty value and a comment showing how to generate a secure token. The test suite continues to work via conftest.py which sets its own test-only token. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Hugh Brown
committed by
Abhimanyu Saharan
Abhimanyu Saharan
parent
8e145a2129
commit
8a30c82c6d
@@ -17,8 +17,9 @@ BASE_URL=http://localhost:8000
|
||||
|
||||
# Auth mode: local for test/dev
|
||||
AUTH_MODE=local
|
||||
# Must be non-placeholder and >= 50 chars
|
||||
LOCAL_AUTH_TOKEN=test-local-token-0123456789-0123456789-0123456789x
|
||||
# Must be non-placeholder and >= 50 chars.
|
||||
# Generate with: python3 -c "import secrets; print(secrets.token_urlsafe(48))"
|
||||
LOCAL_AUTH_TOKEN=
|
||||
|
||||
# Clerk settings kept empty in local auth mode
|
||||
CLERK_SECRET_KEY=
|
||||
|
||||
Reference in New Issue
Block a user