Externalize secrets: move jwt.secret and DB creds to env; add .env.example; docs


- Description: Secrets are committed in `application.properties` and `application-build.properties`. Move to environment variables, add `.env.example`, and update README.
- Current state: `jwt.secret` and MySQL creds are hardcoded; `JwtUtil` expects Base64 decoding but the secret in properties looks hex, not Base64.
- Tasks:
  - Replace property usage with env: `JWT_SECRET_BASE64`, `SPRING_DATASOURCE_*`.
  - Provide `.env.example` with commented guidance; ensure `.gitignore` covers `.env`.
  - Update `JwtUtil`/docs to clarify the secret must be Base64.
  - Document production secret management (Docker secrets/K8s, etc.).
- Acceptance criteria:
  - App starts with only `.env` provided; removing secrets from properties does not break dev.
  - README documents required env vars and formats.
- References: `src/main/resources/application*.properties`, `src/main/java/com/hari/gatherspace/config/JwtUtil.java`.



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Externalize secrets: move jwt.secret and DB creds to env; add .env.example; docs #36

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Externalize secrets: move jwt.secret and DB creds to env; add .env.example; docs #36

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions