ge-aerospace/udc-parser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Harden secrets handling: env-var DB password + defensive .gitignore

Browse Source 
Move hardcoded 'rootpassword' default in parser/{config,backfill_changeover,
clmparser,udcparser}.py behind os.environ.get('SHOPDB_DB_PASSWORD',
'rootpassword'). Add defensive patterns (.env, *.key, *.pem, id_rsa*,
secrets.*, etc.) to .gitignore across all project repos.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
cproudlock
2026-04-17 12:50:12 -04:00
parent 0f78f76410
commit ccd29d9e4b
5 changed files with 30 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
parser/clmparser.py
View File

@@ -35,13 +35,14 @@ from mysql.connector import Error
try:
from config import DB_CONFIG, CLM_DATA_PATH, BATCH_SIZE
except ImportError:
import os
import platform
IS_WINDOWS = platform.system() == 'Windows'
DB_CONFIG = {
'host': '127.0.0.1',
'port': 3306,
'user': 'root',
'password': 'rootpassword',
'password': os.environ.get('SHOPDB_DB_PASSWORD', 'rootpassword'),
'database': 'shopdb'
}
CLM_DATA_PATH = r'S:\SPC\UDC\CLM_Data' if IS_WINDOWS else '/home/camp/projects/UDC/CLM_Data'