Merge branch origin/codex/consolidate-environment-secrets-across-platforms into main

2026-03-17 01:57:11 -05:00 · 2025-11-16 21:50:29 -06:00
parent fb73a6148a 9e0b06a0a0
commit 40fa6cd2b1
5 changed files with 40 additions and 7 deletions
--- a/backend/.env.example
+++ b/backend/.env.example
@@ -9,10 +9,13 @@ APP_NAME=BlackRoad Operating System
 APP_VERSION=1.0.0
 DEBUG=False
 ENVIRONMENT=production
+NODE_ENV=production
+PYTHON_ENV=production

 # Database connectivity
 DATABASE_URL=postgresql://YOUR_DB_USER:YOUR_DB_PASSWORD@YOUR_DB_HOST:5432/blackroad
 DATABASE_ASYNC_URL=postgresql+asyncpg://YOUR_DB_USER:YOUR_DB_PASSWORD@YOUR_DB_HOST:5432/blackroad
+POSTGRES_URL=postgresql://YOUR_DB_USER:YOUR_DB_PASSWORD@YOUR_DB_HOST:5432/blackroad
 REDIS_URL=redis://YOUR_REDIS_HOST:6379/0

 # Security / auth
@@ -22,6 +25,9 @@ ACCESS_TOKEN_EXPIRE_MINUTES=30
 REFRESH_TOKEN_EXPIRE_DAYS=7
 WALLET_MASTER_KEY=changeme-wallet-master-key
 ALLOWED_ORIGINS=https://blackroad.systems,https://your-frontend.example
+JWT_SECRET=changeme-jwt-secret
+SESSION_SECRET=changeme-session-secret
+NEXTAUTH_SECRET=changeme-nextauth-secret

 # Object storage
 AWS_ACCESS_KEY_ID=YOUR_AWS_ACCESS_KEY_ID
@@ -38,6 +44,7 @@ EMAIL_FROM=blackroad@example.com

 # AI integrations
 OPENAI_API_KEY=sk-your-openai-key
+ANTHROPIC_API_KEY=anthropic-key-placeholder

 # Blockchain tuning
 BLOCKCHAIN_DIFFICULTY=4
@@ -50,9 +57,10 @@ RAILWAY_ENVIRONMENT_ID=00000000-0000-0000-0000-000000000000
 RAILWAY_DOMAIN=your-service.up.railway.app
 SLACK_WEBHOOK_URL=https://hooks.slack.com/services/XXX/YYY/ZZZ
 DISCORD_WEBHOOK_URL=https://discord.com/api/webhooks/XXX/YYY
+CLOUDFLARE_API_TOKEN=cloudflare-api-token-placeholder

 # Optional cloud/API integrations
-DIGITALOCEAN_TOKEN=your-digitalocean-token
+DIGITAL_OCEAN_API_KEY=your-digital-ocean-api-key
 GITHUB_TOKEN=your-github-personal-access-token
 HUGGINGFACE_TOKEN=your-huggingface-token
 VERCEL_TOKEN=vercel-token-placeholder
--- a/backend/app/routers/api_health.py
+++ b/backend/app/routers/api_health.py
@@ -324,7 +324,7 @@ async def check_huggingface_status():

 async def check_digitalocean_status():
    """Check DigitalOcean API status"""
-    do_token = os.getenv("DIGITALOCEAN_TOKEN")
+    do_token = os.getenv("DIGITAL_OCEAN_API_KEY") or os.getenv("DIGITALOCEAN_TOKEN")
    if not do_token:
        return {
            "connected": False,
--- a/backend/app/routers/dashboard.py
+++ b/backend/app/routers/dashboard.py
@@ -42,8 +42,11 @@ async def get_dashboard_overview(
    """

    # Check which services are configured
+    digital_ocean_token = os.getenv("DIGITAL_OCEAN_API_KEY") or os.getenv(
+        "DIGITALOCEAN_TOKEN"
+    )
    services_config = {
-        "digitalocean": bool(os.getenv("DIGITALOCEAN_TOKEN")),
+        "digitalocean": bool(digital_ocean_token),
        "github": bool(os.getenv("GITHUB_TOKEN")),
        "huggingface": bool(os.getenv("HUGGINGFACE_TOKEN")),
        "openai": bool(os.getenv("OPENAI_API_KEY")),
@@ -282,7 +285,7 @@ async def list_all_services(
            "description": "Cloud infrastructure management",
            "category": "infrastructure",
            "icon": "🌊",
-            "configured": bool(os.getenv("DIGITALOCEAN_TOKEN"))
+            "configured": bool(digital_ocean_token)
        },
        {
            "id": "github",
--- a/backend/app/routers/digitalocean.py
+++ b/backend/app/routers/digitalocean.py
@@ -24,7 +24,15 @@ router = APIRouter(prefix="/api/digitalocean", tags=["digitalocean"])

 # DigitalOcean API configuration
 DO_API_URL = "https://api.digitalocean.com/v2"
-DO_TOKEN = os.getenv("DIGITALOCEAN_TOKEN", "")
+
+
+def get_digital_ocean_token() -> str:
+    """Return the configured DigitalOcean API key, preferring the canonical name."""
+
+    return os.getenv("DIGITAL_OCEAN_API_KEY") or os.getenv("DIGITALOCEAN_TOKEN", "")
+
+
+DO_TOKEN = get_digital_ocean_token()


 class DropletCreate(BaseModel):
--- a/scripts/railway/validate_env_template.py
+++ b/scripts/railway/validate_env_template.py
@@ -24,7 +24,8 @@ EXTRA_REQUIRED_KEYS: Set[str] = {
    "RAILWAY_DOMAIN",
    "SLACK_WEBHOOK_URL",
    "DISCORD_WEBHOOK_URL",
-    "DIGITALOCEAN_TOKEN",
+    "DIGITAL_OCEAN_API_KEY",
+    "CLOUDFLARE_API_TOKEN",
    "GITHUB_TOKEN",
    "HUGGINGFACE_TOKEN",
    "VERCEL_TOKEN",
@@ -46,6 +47,13 @@ EXTRA_REQUIRED_KEYS: Set[str] = {
    "MQTT_USERNAME",
    "MQTT_PASSWORD",
    "DEVICE_HEARTBEAT_TIMEOUT_SECONDS",
+    "ANTHROPIC_API_KEY",
+    "POSTGRES_URL",
+    "JWT_SECRET",
+    "SESSION_SECRET",
+    "NEXTAUTH_SECRET",
+    "NODE_ENV",
+    "PYTHON_ENV",
 }

 SENSITIVE_KEYS: Set[str] = {
@@ -64,7 +72,8 @@ SENSITIVE_KEYS: Set[str] = {
    "RAILWAY_DOMAIN",
    "SLACK_WEBHOOK_URL",
    "DISCORD_WEBHOOK_URL",
-    "DIGITALOCEAN_TOKEN",
+    "DIGITAL_OCEAN_API_KEY",
+    "CLOUDFLARE_API_TOKEN",
    "GITHUB_TOKEN",
    "HUGGINGFACE_TOKEN",
    "VERCEL_TOKEN",
@@ -82,6 +91,11 @@ SENSITIVE_KEYS: Set[str] = {
    "ROADCOIN_WALLET_ADDRESS",
    "MQTT_BROKER_URL",
    "MQTT_PASSWORD",
+    "ANTHROPIC_API_KEY",
+    "POSTGRES_URL",
+    "JWT_SECRET",
+    "SESSION_SECRET",
+    "NEXTAUTH_SECRET",
 }

 PLACEHOLDER_MARKERS: Tuple[str, ...] = (