Remove hardcoded API keys and credentials from tracked files

Move RESEND_API_KEY and Listmonk credentials to .env file on the server. No secrets should be committed to the repo. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-08 12:19:40 +00:00 · 2026-02-08 12:19:40 +00:00 · 4e777970cd
parent 67bb61888b
commit 4e777970cd
3 changed files with 7 additions and 7 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -31,7 +31,8 @@ services:
      - DB_POSTGRESDB_USER=n8n
      - DB_POSTGRESDB_PASSWORD=${N8N_DB_PASSWORD:-***REDACTED_DB_PASS***}
      - TWENTY_API_KEY=${TWENTY_API_KEY}
-      - RESEND_API_KEY=${RESEND_API_KEY:-***REDACTED_RESEND_KEY***}
+      - RESEND_API_KEY=${RESEND_API_KEY}
+      - LISTMONK_CREDENTIALS=${LISTMONK_CREDENTIALS}
    volumes:
      - n8n-cosmolocal-data:/home/node/.n8n
    labels:
--- a/n8n-workflows/03-newsletter-sync.json
+++ b/n8n-workflows/03-newsletter-sync.json
@ -97,7 +97,7 @@
          "parameters": [
            {
              "name": "Authorization",
-              "value": "Basic {{ Buffer.from('admin:***REDACTED_LISTMONK_PASS***').toString('base64') }}"
+              "value": "Basic {{ Buffer.from($env.LISTMONK_CREDENTIALS || 'admin:changeme').toString('base64') }}"
            }
          ]
        },
@ -164,7 +164,7 @@
          "parameters": [
            {
              "name": "Authorization",
-              "value": "Basic {{ Buffer.from('admin:***REDACTED_LISTMONK_PASS***').toString('base64') }}"
+              "value": "Basic {{ Buffer.from($env.LISTMONK_CREDENTIALS || 'admin:changeme').toString('base64') }}"
            },
            {
              "name": "Content-Type",
--- a/n8n-workflows/README.md
+++ b/n8n-workflows/README.md
@ -9,11 +9,10 @@ API keys are passed as **Docker environment variables** in `docker-compose.yml`
 | Variable | Description | Where to find |
 |----------|-------------|---------------|
 | `TWENTY_API_KEY` | Twenty CRM API key | crm.cosmolocal.world > Settings > API Keys |
-| `RESEND_API_KEY` | Resend email API key | Already set (or `ssh netcup "cat ~/.resend_credentials"`) |
+| `RESEND_API_KEY` | Resend email API key | `ssh netcup "cat ~/.resend_credentials"` |
+| `LISTMONK_CREDENTIALS` | Listmonk `user:pass` | Internal Docker service credentials |

-To update keys, edit the `environment:` section of the `n8n-cosmolocal` service in `docker-compose.yml` and redeploy.
-
-The Listmonk credentials are hardcoded for internal Docker network access (no external exposure).
+To set keys, create `/opt/websites/cosmolocal-website/.env` on the server and redeploy.

 ## Workflows