Scott.Idem/OSIT-AE-App-Svelte
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: move hardcoded bootstrap API key to env var

Browse Source 
PUBLIC_AE_BOOTSTRAP_KEY replaces the hardcoded 'IDF68Em5X4HTZlswRNgepQ' in:
- src/routes/+layout.ts (site-domain bootstrap request)
- src/routes/testing/+page.svelte (trace agent key)

Added to .env.staging, .env.prod, .env.local (gitignored), and updated
.env.staging.default / .env.prod.default with XXXX placeholders.
Key can now be rotated independently from the main API secret key.
This commit is contained in:
Scott Idem
2026-03-10 16:30:11 -04:00
parent b7d9e9669d
commit f03627ef3c
4 changed files with 13 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/routes/testing/+page.svelte
View File

@@ -1,5 +1,6 @@
<script lang="ts">
import { onMount } from 'svelte';
import { PUBLIC_AE_BOOTSTRAP_KEY } from '$env/static/public';
import { api } from '$lib/api/api';
import { ae_loc, ae_api, ae_sess } from '$lib/stores/ae_stores';
@@ -52,7 +53,7 @@
let trace_use_jwt = $state(true);
let trace_jwt_method = $state('header'); // 'header' or 'url'
let trace_use_bypass = $state(false);
let trace_agent_key = 'IDF68Em5X4HTZlswRNgepQ';
let trace_agent_key = PUBLIC_AE_BOOTSTRAP_KEY;
let trace_use_agent_key = $state(false);
onMount(async () => {