cmd/main: PREVENT_INSECURE_STARTUP option
adamdecaf opened this issue · 1 comment
adamdecaf commented
Customers Version: v0.5.0-dev
What were you trying to do?
The Customers service is starting to have several security-sensitive configuration knobs. With the defaults being insecure values, this means one of them could be missed and operators would be unaware they've missed a configuration.
What did you expect to see?
A configuration option that will panic/crash if insecure (e.g. default) configuration is used.
adamdecaf commented
I thought of this just now, so we'd be checking for the following values.
- empty SSN_SECRET_KEY
- empty TRANSIT_LOCAL_BASE64_KEY
- empty DOCUMENTS_SECRET_KEY
- empty FILEBLOB_HMAC_SECRET (if used)
- empty APP_SALT
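
One way the proposed check could look, as an added example that is not code from the Customers project. The function names, the `fileblobInUse` parameter and the way `PREVENT_INSECURE_STARTUP` is parsed are assumptions; only the environment variable names come from the issue.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

// Secrets named in the issue; FILEBLOB_HMAC_SECRET is appended only when in use.
var alwaysRequired = []string{"SSN_SECRET_KEY", "TRANSIT_LOCAL_BASE64_KEY", "DOCUMENTS_SECRET_KEY", "APP_SALT"}

// insecureSettings returns the names (never the values) of secrets that are
// empty or whitespace-only. getenv is injected so tests need no real environment.
func insecureSettings(getenv func(string) string, fileblobInUse bool) []string {
	names := append([]string{}, alwaysRequired...)
	if fileblobInUse { // assumption: the caller knows whether file blob storage is used
		names = append(names, "FILEBLOB_HMAC_SECRET")
	}
	var missing []string
	for _, name := range names {
		if strings.TrimSpace(getenv(name)) == "" {
			missing = append(missing, name)
		}
	}
	return missing
}

// enforced reports whether PREVENT_INSECURE_STARTUP is on. Assumed parsing:
// unset means off; an unrecognised non-empty value (e.g. "yes") fails closed.
func enforced(getenv func(string) string) bool {
	raw := strings.TrimSpace(getenv("PREVENT_INSECURE_STARTUP"))
	on, err := strconv.ParseBool(raw)
	return raw != "" && (err != nil || on)
}

// checkStartup returns an error only when enforcement is on and secrets are missing.
func checkStartup(getenv func(string) string, fileblobInUse bool) error {
	if missing := insecureSettings(getenv, fileblobInUse); enforced(getenv) && len(missing) > 0 {
		return fmt.Errorf("insecure startup prevented, unset: %s", strings.Join(missing, ", "))
	}
	return nil
}

func main() {
	if err := checkStartup(os.Getenv, false); err != nil {
		panic(err) // crash before any listener or database connection is opened
	}
}
```

Running the check first in `main`, before any other initialization, keeps a misconfigured process from ever serving traffic with default secrets.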