1.7 KiB
1.7 KiB
Config And Secrets
This document describes the current config layout and the intended secret-handling boundary for the Debian deployment.
Current Config Files In Repo
Main runtime config examples live under:
share/conf/db.txtshare/conf/game.txt
These files are part of the runtime tree and are required by the legacy server layout.
Important Security Boundary
The repository currently contains literal config values for legacy compatibility. They must be treated as bootstrap/default values, not as a safe long-term secret store.
Practical rule:
- do not treat git-tracked config files as the final production secret source of truth
What Should Not Live In Git
Do not commit:
- production DB passwords
- real admin page passwords
- host-specific private tokens
- private SSH material
- per-environment override files with live secrets
Current Operational Model
For the current Debian VPS:
- root-only operational wrappers may inject short-lived values locally
- headless login healthcheck uses a temporary password via environment, not a command-line literal
- the installed wrapper is root-only and not network-facing
Admin Page Password
The source repository now supports hardening for the admin page password. The long-term goal should be:
- no implicit production default
- host-local secret injection
- explicit runtime validation
Recommended Direction
The Debian deployment should eventually move to a clearer contract such as:
- git-tracked template/default files
- host-local env file or secret file owned by root
- documented override points
Until that is done, keep all real secret rotation and secret overrides on the host, not in commits.