Use SECRET_ANALYTICS env var, regenerated at each deployment

- New SECRET_ANALYTICS variable replaces kernel.secret for analytics
- Ansible generates a random 32-char secret at each deploy
- Endpoint token and encryption key change with every deployment
- Existing sessions will get new visitor_id after deploy (expected)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Serreau Jovann
2026-03-26 12:27:05 +01:00
parent a139f86b90
commit 98b0b41064
7 changed files with 13 additions and 6 deletions


@@ -21,6 +21,10 @@
set_fact:
docker_gid: "{{ docker_sock.stat.gid }}"
- name: Generate analytics secret
set_fact:
analytics_secret: "{{ lookup('password', '/dev/null chars=ascii_lowercase,digits length=32') }}"
tasks:
- name: Deploy .env.local
template:
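
Review bot: The "Generate analytics secret" task has no `no_log: true`, so the value of `analytics_secret` is printed in the `set_fact` result whenever the playbook runs with `-v` or its output is captured by a CI log. Adding `no_log: true` to that task keeps the generated value out of logs. Separately, `set_fact` is evaluated per host, so if this play ever targets more than one host each one gets a different secret, and tokens or ciphertext produced on one host will not validate on another; `run_once: true` on the task gives all hosts in the play the same value.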


@@ -24,3 +24,4 @@ OAUTH_KEYCLOAK_CLIENT_ID=e-ticket
OAUTH_KEYCLOAK_CLIENT_SECRET=1oLwbhJDNVmGH8CES1OdQtzR7dECOlII
OAUTH_KEYCLOAK_URL=https://auth.esy-web.dev
OAUTH_KEYCLOAK_REALM=e-cosplay
SECRET_ANALYTICS={{ analytics_secret }}
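
Review bot: The context line `OAUTH_KEYCLOAK_CLIENT_SECRET=...` directly above the added line is a literal secret committed in the template, while the new `SECRET_ANALYTICS={{ analytics_secret }}` line is filled in at deploy time. The Keycloak client secret should get the same treatment: move it to a variable supplied from Ansible Vault (or another secret store) and rotate the current value, since it is already in the repository history. On the added line itself, the generated value is limited to lowercase letters and digits, so leaving it unquoted in the env file is safe; if the character set in the lookup is ever widened, quote the value here.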