Skip to content

security: remove hardcoded secret fallbacks and Railway URLs#8

Merged
realityinspector merged 1 commit intomainfrom
security/harden-secrets
Mar 13, 2026
Merged

security: remove hardcoded secret fallbacks and Railway URLs#8
realityinspector merged 1 commit intomainfrom
security/harden-secrets

Conversation

@realityinspector
Copy link
Collaborator

@realityinspector realityinspector commented Mar 13, 2026

Changes

  • Remove default fallback values for SESSION_SECRET, MASTER_WALLET_SECRET, NODE_PRIVATE_KEY, NODE_PUBLIC_KEY — all must come from env vars
  • Remove Railway auto-domain (proteus-production-6213.up.railway.app) from README, ARCHITECTURE, ROADMAP, Firebase guide
  • Add wallet backup files to .gitignore

Railway env vars (SESSION_SECRET, MASTER_WALLET_SECRET, NODE_PRIVATE_KEY, NODE_PUBLIC_KEY) are already set.

@realityinspector realityinspector merged commit edba4d9 into main Mar 13, 2026
3 of 4 checks passed
@realityinspector
security: remove hardcoded secret fallbacks, Railway URLs, add wallet…
c51ece8 
… gitignore

- Remove default fallback values for SESSION_SECRET, MASTER_WALLET_SECRET,
  NODE_PRIVATE_KEY, NODE_PUBLIC_KEY — these must come from env vars
- Remove Railway auto-domain from README, ARCHITECTURE, ROADMAP, Firebase guide
- Add wallet backup files to .gitignore
realityinspector pushed a commit that referenced this pull request Mar 15, 2026
Merge pull request #8 from timepointai/security/harden-secrets
6602ea2 
security: remove hardcoded secret fallbacks and Railway URLs
@realityinspector realityinspector deleted the security/harden-secrets branch March 15, 2026 14:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@realityinspector