You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description: Secrets are committed in application.properties and application-build.properties. Move to environment variables, add .env.example, and update README.
Current state: jwt.secret and MySQL creds are hardcoded; JwtUtil expects Base64 decoding but the secret in properties looks hex, not Base64.
Tasks:
Replace property usage with env: JWT_SECRET_BASE64, SPRING_DATASOURCE_*.
Provide .env.example with commented guidance; ensure .gitignore covers .env.
Update JwtUtil/docs to clarify the secret must be Base64.
Document production secret management (Docker secrets/K8s, etc.).
Acceptance criteria:
App starts with only .env provided; removing secrets from properties does not break dev.
application.propertiesandapplication-build.properties. Move to environment variables, add.env.example, and update README.jwt.secretand MySQL creds are hardcoded;JwtUtilexpects Base64 decoding but the secret in properties looks hex, not Base64.JWT_SECRET_BASE64,SPRING_DATASOURCE_*..env.examplewith commented guidance; ensure.gitignorecovers.env.JwtUtil/docs to clarify the secret must be Base64..envprovided; removing secrets from properties does not break dev.src/main/resources/application*.properties,src/main/java/com/hari/gatherspace/config/JwtUtil.java.