From 85e2ad8d6f1d9662f12e241d06d315565e4c14d7 Mon Sep 17 00:00:00 2001
From: Tom Butcher <thomasbutcher15@gmail.com>
Date: Sat, 13 Dec 2025 23:54:25 +0000
Subject: [PATCH] Updated secrets held in env vars.

---
 .env.example  |  1 +
 .gitignore    |  2 ++
 README.md     |  4 +---
 config.json   |  8 +++-----
 src/config.js | 15 ++++++++++++++-
 5 files changed, 21 insertions(+), 9 deletions(-)
 create mode 100644 .env.example

diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..0455520
--- /dev/null
+++ b/.env.example
@@ -0,0 +1 @@
+KEYCLOAK_CLIENT_SECRET='SECRET'
diff --git a/.gitignore b/.gitignore
index 0c9ddc1..671711b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -130,3 +130,5 @@ dist
 .pnp.*
 
 *.DS_STORE
+
+*.env
diff --git a/README.md b/README.md
index ae16f89..95fa897 100644
--- a/README.md
+++ b/README.md
@@ -50,8 +50,7 @@ The application uses `config.json` for configuration. Update the following secti
     "keycloak": {
       "url": "https://your-keycloak-server",
       "realm": "your-realm",
-      "clientId": "your-client-id",
-      "clientSecret": "your-client-secret"
+      "clientId": "your-client-id"
     }
   }
 }
@@ -71,7 +70,6 @@ npm run dev
 npm start
 ```
 
-
 ## API Endpoints
 
 The service exposes WebSocket endpoints for:
diff --git a/config.json b/config.json
index 3b46dba..2a6e118 100644
--- a/config.json
+++ b/config.json
@@ -9,8 +9,7 @@
       "keycloak": {
         "url": "https://auth.tombutcher.work",
         "realm": "master",
-        "clientId": "farmcontrol-client",
-        "clientSecret": "GPyh59xctRX83yfKWb83ShK6VEwHIvLF"
+        "clientId": "farmcontrol-client"
       },
       "requiredRoles": []
     },
@@ -32,14 +31,13 @@
       "keycloak": {
         "url": "https://auth.tombutcher.work",
         "realm": "master",
-        "clientId": "farmcontrol-client",
-        "clientSecret": "GPyh59xctRX83yfKWb83ShK6VEwHIvLF"
+        "clientId": "farmcontrol-client"
       },
       "requiredRoles": []
     },
     "database": {
       "mongo": {
-        "url": "mongodb://farmcontrol.tombutcher.local:27017/farmcontrol"
+        "url": "mongodb://localhost:27017/farmcontrol"
       }
     }
   }
diff --git a/src/config.js b/src/config.js
index 688fe4e..e2ee339 100644
--- a/src/config.js
+++ b/src/config.js
@@ -27,7 +27,20 @@ export function loadConfig() {
       );
     }
 
-    return config[NODE_ENV];
+    const envConfig = config[NODE_ENV];
+
+    // Override keycloak client secret with environment variable if available
+    if (process.env.KEYCLOAK_CLIENT_SECRET) {
+      if (!envConfig.auth) {
+        envConfig.auth = {};
+      }
+      if (!envConfig.auth.keycloak) {
+        envConfig.auth.keycloak = {};
+      }
+      envConfig.auth.keycloak.clientSecret = process.env.KEYCLOAK_CLIENT_SECRET;
+    }
+
+    return envConfig;
   } catch (err) {
     console.error('Error loading config:', err);
     throw err;