Updated secrets held in env vars.

2025-12-13 23:54:25 +00:00 · 2025-12-13 23:54:25 +00:00 · 85e2ad8d6f
commit 85e2ad8d6f
parent 787e8f6a9c
5 changed files with 21 additions and 9 deletions
--- a/.env.example
+++ b/.env.example
@ -0,0 +1 @@
+KEYCLOAK_CLIENT_SECRET='SECRET'
--- a/.gitignore
+++ b/.gitignore
@ -130,3 +130,5 @@ dist
 .pnp.*

 *.DS_STORE
+
+*.env
--- a/README.md
+++ b/README.md
@ -50,8 +50,7 @@ The application uses `config.json` for configuration. Update the following secti
    "keycloak": {
      "url": "https://your-keycloak-server",
      "realm": "your-realm",
-      "clientId": "your-client-id",
-      "clientSecret": "your-client-secret"
+      "clientId": "your-client-id"
    }
  }
 }
@ -71,7 +70,6 @@ npm run dev
 npm start
 ```

-
 ## API Endpoints

 The service exposes WebSocket endpoints for:
--- a/config.json
+++ b/config.json
@ -9,8 +9,7 @@
      "keycloak": {
        "url": "https://auth.tombutcher.work",
        "realm": "master",
-        "clientId": "farmcontrol-client",
-        "clientSecret": "GPyh59xctRX83yfKWb83ShK6VEwHIvLF"
+        "clientId": "farmcontrol-client"
      },
      "requiredRoles": []
    },
@ -32,14 +31,13 @@
      "keycloak": {
        "url": "https://auth.tombutcher.work",
        "realm": "master",
-        "clientId": "farmcontrol-client",
-        "clientSecret": "GPyh59xctRX83yfKWb83ShK6VEwHIvLF"
+        "clientId": "farmcontrol-client"
      },
      "requiredRoles": []
    },
    "database": {
      "mongo": {
-        "url": "mongodb://farmcontrol.tombutcher.local:27017/farmcontrol"
+        "url": "mongodb://localhost:27017/farmcontrol"
      }
    }
  }
--- a/src/config.js
+++ b/src/config.js
@ -27,7 +27,20 @@ export function loadConfig() {
      );
    }

-    return config[NODE_ENV];
+    const envConfig = config[NODE_ENV];
+
+    // Override keycloak client secret with environment variable if available
+    if (process.env.KEYCLOAK_CLIENT_SECRET) {
+      if (!envConfig.auth) {
+        envConfig.auth = {};
+      }
+      if (!envConfig.auth.keycloak) {
+        envConfig.auth.keycloak = {};
+      }
+      envConfig.auth.keycloak.clientSecret = process.env.KEYCLOAK_CLIENT_SECRET;
+    }
+
+    return envConfig;
  } catch (err) {
    console.error('Error loading config:', err);
    throw err;