2025-12-25 20:32:07 +00:00
|
|
|
# Example secrets file - DO NOT COMMIT REAL SECRETS
|
|
|
|
|
# Copy this file to secrets.yaml and fill in real values
|
|
|
|
|
# Then use: kubectl create secret generic veza-secrets --from-env-file=secrets.yaml -n veza-production
|
2025-12-25 20:38:32 +00:00
|
|
|
#
|
|
|
|
|
# For production, consider using External Secrets Operator with Vault/AWS/GCP
|
|
|
|
|
# See k8s/secrets/README.md for more information
|
2025-12-25 20:32:07 +00:00
|
|
|
|
|
|
|
|
apiVersion: v1
|
|
|
|
|
kind: Secret
|
|
|
|
|
metadata:
|
|
|
|
|
name: veza-secrets
|
2025-12-25 20:38:32 +00:00
|
|
|
namespace: veza-production # Change to veza-development or veza-staging as needed
|
2025-12-25 20:32:07 +00:00
|
|
|
type: Opaque
|
|
|
|
|
stringData:
|
2025-12-25 20:38:32 +00:00
|
|
|
# Required secrets for all services
|
2025-12-25 20:32:07 +00:00
|
|
|
database-url: "postgresql://user:password@postgres:5432/veza?sslmode=require"
|
|
|
|
|
redis-url: "redis://redis:6379/0"
|
|
|
|
|
jwt-secret: "your-jwt-secret-key-min-32-chars-long"
|
2025-12-25 20:38:32 +00:00
|
|
|
|
|
|
|
|
# Backend API additional secrets
|
|
|
|
|
stripe-api-key: "sk_live_your_stripe_api_key"
|
|
|
|
|
stripe-webhook-secret: "whsec_your_webhook_secret"
|
|
|
|
|
smtp-password: "your_smtp_password"
|
|
|
|
|
s3-access-key: "your_aws_access_key"
|
|
|
|
|
s3-secret-key: "your_aws_secret_key"
|
docs(J2): align docs with reality — rewrite CLAUDE.md, fix README, purge chat-server refs
Completes Day 2 of the v1.0.3 → v1.0.4 cleanup sprint. The documentation
now describes the actual repo layout instead of a fictional one.
CLAUDE.md — complete rewrite
Old version referenced paths that don't exist and a protocol aimed at
implementing v0.11.0 (current tag: v1.0.3). The agent was following a
map for a city that had been rebuilt.
- backend/ → veza-backend-api/
- frontend/ → apps/web/
- ORIGIN/ (root) → veza-docs/ORIGIN/
- veza-chat-server → merged into backend-api (v0.502, commit 279a10d31)
- apps/desktop/ → never existed
Also refreshed: stack versions (Go 1.25, Vite 5, React 18.2, Axum 0.8),
commands, conventions, hook bypasses (SKIP_TYPES/SKIP_TESTS/SKIP_E2E),
scope rules kept as immutable (no AI/ML, no Web3, no gamification, no
dark patterns, no public popularity metrics).
README.md — targeted fixes
- "Version cible: v0.101" → "Version courante: v1.0.4"
- "Development Setup (v0.9.3)" → "Development Setup"
- Removed Desktop (Electron) section — never implemented
- Removed veza-chat-server from structure — merged into backend
- Removed deprecated compose files section (nothing is DEPRECATED now)
k8s runbooks — remove stale chat-server references
The disaster-recovery runbooks still scaled/restarted a deployment
that no longer exists. In a real failover these commands would have
failed silently and blocked the procedure. Files patched:
- k8s/disaster-recovery/runbooks/cluster-failover.md
- k8s/disaster-recovery/runbooks/data-restore.md
- k8s/disaster-recovery/runbooks/database-failover.md
- k8s/disaster-recovery/runbooks/rollback-procedure.md
- k8s/network-policies/README.md
- k8s/secrets/README.md
- k8s/secrets.yaml.example
Each reference is replaced by a short inline note pointing to v0.502
(commit 279a10d31) so future readers understand the history.
.env.example — remove CHAT_JWT_SECRET
Legacy env var for the deleted chat server. Replaced by an explanatory
comment.
Not in this commit (user handles on Forgejo):
- Closing the 5 open dependabot PRs on veza-chat-server/* branches
- Deleting those 5 remote branches after the PRs are closed
Refs: AUDIT_REPORT.md §5.1, §7.1, §10 P1, §10 P4
2026-04-14 15:23:50 +00:00
|
|
|
|
|
|
|
|
# Chat: merged into backend-api since v0.502 (commit 05d02386d)
|
|
|
|
|
# Reuses the shared JWT secret — no separate chat-server secret.
|
|
|
|
|
|
2025-12-25 20:38:32 +00:00
|
|
|
# Stream Server secrets
|
|
|
|
|
stream-server-secret: "your_stream_server_secret"
|
2025-12-25 20:32:07 +00:00
|
|
|
|