yunxiafei/openclaw-mission-control
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: remove hardcoded auth token from committed .env.test

Browse Source 
The file contained a publicly known LOCAL_AUTH_TOKEN value that could
be used against misconfigured deployments. Replace with an empty value
and a comment showing how to generate a secure token. The test suite
continues to work via conftest.py which sets its own test-only token.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Hugh Brown
2026-03-03 13:40:27 -07:00
committed by Abhimanyu Saharan
parent 8e145a2129
commit 8a30c82c6d
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
backend/.env.test
View File

@@ -17,8 +17,9 @@ BASE_URL=http://localhost:8000
# Auth mode: local for test/dev # Auth mode: local for test/dev
AUTH_MODE=local AUTH_MODE=local
# Must be non-placeholder and >= 50 chars # Must be non-placeholder and >= 50 chars.
LOCAL_AUTH_TOKEN=test-local-token-0123456789-0123456789-0123456789x # Generate with: python3 -c "import secrets; print(secrets.token_urlsafe(48))"
LOCAL_AUTH_TOKEN=
# Clerk settings kept empty in local auth mode # Clerk settings kept empty in local auth mode
CLERK_SECRET_KEY= CLERK_SECRET_KEY=