-
-
Notifications
You must be signed in to change notification settings - Fork 621
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(fireflyiii): add cron support #1470
Conversation
|
Secret | Commit | Filename | Detected At |
---|
🛠 How to resolve this
-
Understand the implications of revoking this secret by examining where it is used in your code.
-
Replace and store your secret safely. Learn here the best practices
-
Revoke and rotate this secret
-
If possible, rewrite your git history to remove all evidence of the secret leak. Please beware this is not a trivial operation. You might completely break other contributing developers’ workflow and you risk accidentally deleting work in progress.
💡 To avoid such incidents in the future, consider following these best practices for managing and storing secrets including API keys and other credentials.
You are seeing this because you or someone else has authorized GitGuardian to scan pull requests
Please do not send in ANY commits at this time. |
Still needs work. |
@Ornias1993 Is this how auto generated remembered secrets works? It's mostly copy-pasta from authelia. EDIT: I think it needs also a configmap? |
You actually need to load the secret value to a env-var as normal. |
Is there any better/recommended image to use for curl? Also, should the APP_KEY also be moved to autogen remembered secrets? |
You should reference our alpline image under alpineImage or something. |
No idea. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved, though it could use some future (security) optimalisations and configurability by the user...
Please bump minor version (not patch) @stavros-k |
Configurability won't be much as the cron wont be accepted by the app if it runs sooner than once per 12h. I'd like to hear what security updates could be done for the future |
@stavros-k awesome, didn't know that. |
Awesome, will do some tests later and make a new PR addressing this! |
This PR is locked to prevent necro-posting on closed PRs. Please create a issue or contact staff on discord if you want to further discuss this |
Description
Fixes #990
Type of change
How Has This Been Tested?
Notes:
Checklist: