Skip to content

Use secret key base from env

Ghost User requested to merge use-secret-base-from-env into develop

We should be using a value from the environment instead of a hardcoded value that's going to be readable once the project is open-sourced. This is a potential attack vector.

The env value might need to be changed to avoid problems.

Related to https://git.fpfis.eu/future-of-europe/dife-decidim-fluxcd/-/merge_requests/6

Edited by Ghost User

Merge request reports