From 6acc16c0b92936ef73292dded1a5c014c5235b93 Mon Sep 17 00:00:00 2001 From: Julien Gautier Date: Sat, 25 Apr 2026 17:36:06 +0200 Subject: [PATCH] security(env): remove credentials from nodemon.json All secrets (DB passwords, API keys, JWT secret) are now sourced exclusively from config/env/.env.local, which is gitignored. Nodemon only sets APP_ENV=local so that app.js's dotenv loader picks up the right env file at boot. Note: the previously committed values are still in git history. They must be rotated out-of-band (rotation list tracked separately). --- nodemon.json | 28 ++-------------------------- 1 file changed, 2 insertions(+), 26 deletions(-) diff --git a/nodemon.json b/nodemon.json index 354cd36..46cc986 100644 --- a/nodemon.json +++ b/nodemon.json @@ -1,29 +1,5 @@ { - "env" : { - "APP_ENV": "local", - "NODE_ENV" : "development", - "DEBUG": false, - "SERVER_PORT": 3201, - "SECRET": "$2b$10$aEsAUG7Dy8dcTORi1vaQle", - "SESSION_LIFETIME": 3600, - "MONGODB_URI": "mongodb://localhost:27017/adastradb", - "SENDGRID_API_KEY": "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", - "SENDGRID_FROM_MAIL": "contact@rampeur.fr", - "SENDGRID_TO_MAIL": "rampeur@gmail.com", - "AUTHORIZATION_PREFIX": "Api-Key", - "COUCHDB_URL": "http://couchdb.unespace.com", - "COUCHDB_DATABASE": "headupdb", - "COUCHDB_DESIGN": "headup_app", - "COUCHDB_CREDENTIAL": "cmFtcGV1cjpES3hwMjRQUw==", - "SKYDIVERID_API_URL": "https://skydiver.id/api", - "SKYDIVERID_API_TOKEN": "xmqzgnGYMD.OJgFw1pCXCpJFGmZfSjmWK8lrpqAQNnu", - "MYSQL_DBNAME": "c4adastracomdb3", - "MYSQL_DBUSER": "c4adastracomu1", - "MYSQL_DBPASS": "kbrnrt5jPK12", - "MYSQL_DBHOST": "ns388640.ip-176-31-255.eu", - "MYSQL_DBPORT": 3306, - "MYSQL_DBTYPE": "mysql", - "MYSQL_DATABASE_URL": "mysql://c4adastracomu1:kbrnrt5jPK12@ns388640.ip-176-31-255.eu:3306/c4adastracomdb3", - "MYSQL_DATABASE_URL_DEV": "mysql://c4adastracomu1:kbrnrt5jPK12@ns388640.ip-176-31-255.eu:3306/c4adastracomdb3" + "env": { + "APP_ENV": "local" } }