Enforce required env vars at startup — eliminate insecure defaults #7

Open
opened 2026-04-20 09:34:48 +00:00 by sharang (Owner) · 0 comments
Problem

Critical env vars have insecure or misleading defaults that silently allow the app to start in an unsafe state:

  • CORS_ORIGINS defaults to "*" (main.py:70) — any website can make credentialed requests
  • JWT_SECRET default is the literal string your-super-secret-jwt-key-change-in-production
  • COMPLIANCE_DATABASE_URL missing → falls back to a localhost connection that silently fails in prod

Required Actions

  1. Create compliance/config.py using Pydantic BaseSettings with explicit required fields (no defaults for secrets)
  2. For each required secret, raise RuntimeError at startup if absent
  3. Change CORS_ORIGINS default to "" (empty); log a WARNING if no origins are configured
  4. Document every env var in .env.orca.example with type, required/optional, and example values
  5. Add startup validation test: confirm the app refuses to start without JWT_SECRET

Acceptance Criteria

  • App fails fast at startup with a clear error if any required secret is missing
  • CORS_ORIGINS=* is not a valid value in production config
  • .env.orca.example is complete and accurate
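The issue asks for a Pydantic `BaseSettings` class; the following is an added example (not the project's `compliance/config.py` and not the issue author's code) that shows the same fail-fast contract with only the standard library so it runs anywhere. It takes the environment as a mapping so the startup check can be exercised in a test. `APP_ENV`, `MIN_JWT_SECRET_LEN` and `refuses_to_start` are assumed names introduced here; the env var names, the placeholder secret string and the rule that `CORS_ORIGINS=*` is invalid in production come from the issue. A missing `APP_ENV` is treated as production so the check fails closed.

```python
"""Fail-fast settings loader (added example, stdlib only).

Contract from the issue: required secrets have no defaults, a missing one
raises RuntimeError before the app serves anything, CORS_ORIGINS defaults to
"" with a WARNING, and CORS_ORIGINS="*" is rejected in production.
"""
import logging
import os
from dataclasses import dataclass
from typing import Mapping, Optional, Tuple

log = logging.getLogger("compliance.config")

# The placeholder named in the issue; never accept it as a real secret.
PLACEHOLDER_JWT_SECRET = "your-super-secret-jwt-key-change-in-production"
# Assumed policy floor for an HS256 key (256 bits encoded is 43+ chars).
MIN_JWT_SECRET_LEN = 32


@dataclass(frozen=True)
class Settings:
    jwt_secret: str
    database_url: str
    cors_origins: Tuple[str, ...]
    env: str


def _require(env: Mapping[str, str], name: str) -> str:
    """Return a required variable; unset or blank both count as missing."""
    value = env.get(name, "").strip()
    if not value:
        raise RuntimeError(f"required environment variable {name} is not set")
    return value


def parse_cors_origins(raw: str, app_env: str) -> Tuple[str, ...]:
    """Split a comma-separated origin list; '*' is fatal in production."""
    origins = tuple(o.strip() for o in raw.split(",") if o.strip())
    if "*" in origins:
        if app_env == "production":
            raise RuntimeError("CORS_ORIGINS='*' is not a valid value in production")
        log.warning("CORS_ORIGINS='*' lets any origin call the API; dev only")
    elif not origins:
        log.warning("CORS_ORIGINS is empty; no cross-origin requests will be allowed")
    return origins


def load_settings(env: Optional[Mapping[str, str]] = None) -> Settings:
    """Build Settings from the given mapping (default: os.environ)."""
    env = os.environ if env is None else env
    # Assumed: unknown deployment is treated as production (fail closed).
    app_env = env.get("APP_ENV", "production").strip().lower()

    jwt_secret = _require(env, "JWT_SECRET")
    if jwt_secret == PLACEHOLDER_JWT_SECRET:
        raise RuntimeError("JWT_SECRET is still the placeholder value")
    if len(jwt_secret) < MIN_JWT_SECRET_LEN:
        raise RuntimeError(f"JWT_SECRET must be at least {MIN_JWT_SECRET_LEN} chars")

    database_url = _require(env, "COMPLIANCE_DATABASE_URL")
    cors_origins = parse_cors_origins(env.get("CORS_ORIGINS", ""), app_env)
    return Settings(jwt_secret, database_url, cors_origins, app_env)


def refuses_to_start(env: Mapping[str, str]) -> bool:
    """Startup validation helper: True if load_settings rejects this env."""
    try:
        load_settings(env)
    except RuntimeError as exc:
        log.error("startup refused: %s", exc)
        return True
    return False


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    # Constructed sample environment, not a real deployment.
    sample = {
        "APP_ENV": "production",
        "JWT_SECRET": "x" * 48,
        "COMPLIANCE_DATABASE_URL": "postgresql://app:pw@db:5432/compliance",
        "CORS_ORIGINS": "https://app.example.com, https://admin.example.com",
    }
    print(load_settings(sample).cors_origins)
    print(refuses_to_start({k: v for k, v in sample.items() if k != "JWT_SECRET"}))
```

Wire `load_settings()` into the application's startup path (before the ASGI app is constructed) so the `RuntimeError` propagates and the process exits non-zero; the startup test from the issue then reduces to asserting `refuses_to_start(env_without_jwt_secret)`.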
sharang added this to the M1: Security Foundation milestone 2026-04-20 09:34:48 +00:00
sharang added the config, severity: high, security labels 2026-04-20 09:34:48 +00:00