jeffemmett
/
cosmolocal-website
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove hardcoded API keys and credentials from tracked files 

Move RESEND_API_KEY and Listmonk credentials to .env file
on the server. No secrets should be committed to the repo.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jeff Emmett 2026-02-08 12:19:40 +00:00
parent 67bb61888b
commit 4e777970cd
3 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docker-compose.yml
View File

@ -31,7 +31,8 @@ services:
- DB_POSTGRESDB_USER=n8n - DB_POSTGRESDB_USER=n8n
- DB_POSTGRESDB_PASSWORD=${N8N_DB_PASSWORD:-***REDACTED_DB_PASS***} - DB_POSTGRESDB_PASSWORD=${N8N_DB_PASSWORD:-***REDACTED_DB_PASS***}
- TWENTY_API_KEY=${TWENTY_API_KEY} - TWENTY_API_KEY=${TWENTY_API_KEY}
- RESEND_API_KEY=${RESEND_API_KEY:-***REDACTED_RESEND_KEY***} - RESEND_API_KEY=${RESEND_API_KEY}
- LISTMONK_CREDENTIALS=${LISTMONK_CREDENTIALS}
volumes: volumes:
- n8n-cosmolocal-data:/home/node/.n8n - n8n-cosmolocal-data:/home/node/.n8n
labels: labels:

4
n8n-workflows/03-newsletter-sync.json
View File

@ -97,7 +97,7 @@
"parameters": [ "parameters": [
{ {
"name": "Authorization", "name": "Authorization",
"value": "Basic {{ Buffer.from('admin:***REDACTED_LISTMONK_PASS***').toString('base64') }}" "value": "Basic {{ Buffer.from($env.LISTMONK_CREDENTIALS || 'admin:changeme').toString('base64') }}"
} }
] ]
}, },
@ -164,7 +164,7 @@
"parameters": [ "parameters": [
{ {
"name": "Authorization", "name": "Authorization",
"value": "Basic {{ Buffer.from('admin:***REDACTED_LISTMONK_PASS***').toString('base64') }}" "value": "Basic {{ Buffer.from($env.LISTMONK_CREDENTIALS || 'admin:changeme').toString('base64') }}"
}, },
{ {
"name": "Content-Type", "name": "Content-Type",

7
n8n-workflows/README.md
View File

@ -9,11 +9,10 @@ API keys are passed as **Docker environment variables** in `docker-compose.yml`
| Variable | Description | Where to find | | Variable | Description | Where to find |
|----------|-------------|---------------| |----------|-------------|---------------|
| `TWENTY_API_KEY` | Twenty CRM API key | crm.cosmolocal.world > Settings > API Keys | | `TWENTY_API_KEY` | Twenty CRM API key | crm.cosmolocal.world > Settings > API Keys |
| `RESEND_API_KEY` | Resend email API key | Already set (or `ssh netcup "cat ~/.resend_credentials"`) | | `RESEND_API_KEY` | Resend email API key | `ssh netcup "cat ~/.resend_credentials"` |
| `LISTMONK_CREDENTIALS` | Listmonk `user:pass` | Internal Docker service credentials |
To update keys, edit the `environment:` section of the `n8n-cosmolocal` service in `docker-compose.yml` and redeploy. To set keys, create `/opt/websites/cosmolocal-website/.env` on the server and redeploy.
The Listmonk credentials are hardcoded for internal Docker network access (no external exposure).
## Workflows ## Workflows