Infra Fog: Protocol #10641
Infra Fog: Protocol #10641
Conversation
|
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 2460751 | Triggered | Generic High Entropy Secret | 7be2793 | cmd/audiusd/env/prod.env | View secret |
| 2416686 | Triggered | Generic High Entropy Secret | 7be2793 | cmd/audiusd/env/stage.env | View secret |
| 9412812 | Triggered | Generic Password | e237959 | cmd/audiusd/entrypoint.sh | View secret |
| 14086629 | Triggered | Generic Password | e237959 | cmd/audiusd/entrypoint.sh | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
| @@ -320,6 +320,7 @@ func setupNode(logger *common.Logger) (*config.Config, *cconfig.Config, error) { | |||
|
|
|||
| // https://docs.cometbft.com/main/references/config/config.toml#log_level | |||
| cometConfig.LogLevel = envConfig.LogLevel | |||
| logger.Infof("Setting cometConfig.LogLevel = envConfig.LogLevel: %s, %s", cometConfig.LogLevel, envConfig.LogLevel) | |||
There was a problem hiding this comment.
will follow up with a separate logging PR
| **CLOUDFLARE PROXY** | ||
|
|
||
| If you are using Cloudflare Proxy, and want to use auto TLS, you will need to start with DNS-only mode: | ||
| - Configure Cloudflare in DNS-only mode initially (not proxied) | ||
| - Let the node obtain its LetsEncrypt certificate (requires HTTP access) | ||
| - Once certificate is obtained, you can enable Cloudflare proxy | ||
|
|
||
| See Cloudflare [ssl-mode docs](https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes/) for more details. |
| POSTGRES_USER="postgres" | ||
| POSTGRES_PASSWORD="postgres" | ||
| POSTGRES_DATA_DIR=${POSTGRES_DATA_DIR:-/data/postgres} | ||
| export dbUrl="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@localhost:5432/${POSTGRES_DB}?sslmode=disable" |
There was a problem hiding this comment.
Will this not override dbUrl needed for remote postgres, e.g. in dn4?
There was a problem hiding this comment.
good eye!.
yeah i need to come back and work out how to handle discovery.
we will use a much simpler entrypoint control flow there (i.e. skip the entire postgres part of this script) as discovery will still use a pg container.
furthermore, discovery only needs the core app and not all the encoding deps, so we may produce a different docker artifact altogether. that would be say 10mb and not 1.5gb!
[1aed8b5] Infra Fog: Protocol (#10641) endline [1f27a8e] Add non-genesis validators to comet consensus (#10693) Danny [cbcb93d] [PAY-3622] Update encryption patterns and add manager delegation (#10690) Farid Salau [e1fe442] [C-5519, C-5521] Add guest mode UI in claim rewards email (#10697) Dylan Jeffers [05ee385] [C-5520] Add guest checkout UI in purchase and sale emails (#10696) Dylan Jeffers [1811158] aa backfill program (#10645) alecsavvy
Description
A consolidation of efforts to navigate the infra fog that is audius-docker-compose, audius-d, audius-ctl and audiusd.
RELATED
Draws on works from previous PRs and branches namely
Steps to liberation after merging this PR:
How Has This Been Tested?
Ongoing...
Local sync node to various networks
Audius docker compose testing