Config And Secrets

This document describes the current config layout and the intended secret-handling boundary for the Debian deployment.

Current Config Files In Repo

Main runtime config examples live under:

share/conf/db.txt
share/conf/game.txt

These files are part of the runtime tree and are required by the legacy server layout.

Important Security Boundary

The repository currently contains literal config values for legacy compatibility. They must be treated as bootstrap/default values, not as a safe long-term secret store.

Practical rule:

do not treat git-tracked config files as the final production secret source of truth

What Should Not Live In Git

Do not commit:

production DB passwords
real admin page passwords
host-specific private tokens
private SSH material
per-environment override files with live secrets

Current Operational Model

For the current Debian VPS:

root-only operational wrappers may inject short-lived values locally
headless login healthcheck uses a temporary password via environment, not a command-line literal
the installed wrapper is root-only and not network-facing

Admin Page Password

The source repository now supports hardening for the admin page password. The long-term goal should be:

no implicit production default
host-local secret injection
explicit runtime validation

Recommended Direction

The Debian deployment should eventually move to a clearer contract such as:

git-tracked template/default files
host-local env file or secret file owned by root
documented override points

Until that is done, keep all real secret rotation and secret overrides on the host, not in commits.

1.7 KiB Raw Blame History