hehihoho3/h-lab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(security): externalize secrets to git-ignored application-local.yml

Browse Source 
Remove hardcoded DB credentials and YouTube API key fallbacks from
application.yml; resolve them from env vars or an optional, git-ignored
application-local.yml (spring.config.import). Add a tracked
application-local.yml.example template and ignore the real local file.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
hehih 2026-05-31 16:08:26 +09:00
parent 2cdae03998
commit fd8403438e
3 changed files with 18 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -11,6 +11,7 @@ out/
# Secrets (DO NOT COMMIT) # Secrets (DO NOT COMMIT)
src/main/resources/credentials.json src/main/resources/credentials.json
src/main/resources/application-local.yml
tokens/ tokens/
*.log *.log

8
src/main/resources/application-local.yml.example Normal file
View File

@ -0,0 +1,8 @@
# Template for local secrets. Copy to `application-local.yml` (git-ignored)
# and fill in real values, or supply these as environment variables instead.
# application.yml imports application-local.yml optionally and resolves these
# placeholders from it.
DB_URL: jdbc:postgresql://<host>:5432/<db>
DB_USERNAME: <username>
DB_PASSWORD: <password>
YOUTUBE_API_KEY: <youtube-data-api-key>

14
src/main/resources/application.yml
View File

@ -1,11 +1,15 @@
spring: spring:
application: application:
name: h-lab name: h-lab
# Secrets are supplied via environment variables, or a git-ignored
# application-local.yml (see application-local.yml.example). No secrets here.
config:
import: optional:classpath:application-local.yml
datasource: datasource:
url: ${DB_URL:jdbc:postgresql://122.46.74.90:5432/hlab} url: ${DB_URL:}
driverClassName: org.postgresql.Driver driverClassName: org.postgresql.Driver
username: ${DB_USERNAME:hylee} username: ${DB_USERNAME:}
password: ${DB_PASSWORD:hylee123!@#} password: ${DB_PASSWORD:}
jpa: jpa:
database-platform: org.hibernate.dialect.PostgreSQLDialect database-platform: org.hibernate.dialect.PostgreSQLDialect
hibernate: hibernate:
@ -37,10 +41,10 @@ springdoc:
server: server:
port: 8088 port: 8088
# YouTube Data API 키 (환경변수 YOUTUBE_API_KEY 로 오버라이드 가능, 기본값은 기존 키) # YouTube Data API 키 (YOUTUBE_API_KEY 환경변수 또는 application-local.yml 로 주입)
youtube: youtube:
api: api:
key: ${YOUTUBE_API_KEY:AIzaSyB1oh0pahAf0xl0DMRQnuqxrC1uapxHHKk} key: ${YOUTUBE_API_KEY:}
hlab: hlab:
# 정기 자동 수집: 등록 채널의 신규 Shorts 를 주기적으로 수집 # 정기 자동 수집: 등록 채널의 신규 Shorts 를 주기적으로 수집