Shadowbroker/DOCKER_SECRETS.md
anoracleofra-code fc9eff865e v0.9.0: in-app auto-updater, ship toggle split, stable entity IDs, performance fixes
New features:
- In-app auto-updater with confirmation dialog, manual download fallback,
  restart polling, and protected file safety net
- Ship layers split into 4 independent toggles (Military/Carriers, Cargo/Tankers,
  Civilian, Cruise/Passenger) with per-category counts
- Stable entity IDs using MMSI/callsign instead of volatile array indices
- Dismissible threat alert bubbles (session-scoped, survives data refresh)

Performance:
- GDELT title fetching is now non-blocking (background enrichment)
- Removed duplicate startup fetch jobs
- Docker healthcheck start_period 15s → 90s

Bug fixes:
- Removed fake intelligence assessment generator (OSINT-only policy)
- Fixed carrier tracker GDELT 429/TypeError crash
- Fixed ETag collision (full payload hash)
- Added concurrent /api/refresh guard

Contributors: @imqdcr (ship split + stable IDs), @csysp (dismissible alerts, PR #48)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Former-commit-id: a2c4c67da54345393f70a9b33b52e7e4fd6c049f
2026-03-13 11:32:16 -06:00

2.0 KiB

Docker Secrets

The backend supports Docker Swarm secrets so you never have to put API keys in environment variables or .env files.

How it works

At startup (before any service modules are imported), main.py checks a list of secret-capable variables. For each variable VAR, if the environment variable VAR_FILE is set (typically /run/secrets/VAR), the file is read, its content is trimmed, and the result is injected into os.environ[VAR]. All downstream code sees a normal environment variable.

Supported variables

| Variable | Purpose |
|---|---|
| AIS_API_KEY | AISStream.io WebSocket key |
| OPENSKY_CLIENT_ID | OpenSky Network client ID |
| OPENSKY_CLIENT_SECRET | OpenSky Network client secret |
| LTA_ACCOUNT_KEY | Singapore LTA DataMall key |
| CORS_ORIGINS | Allowed CORS origins (comma-separated) |

docker-compose.yml example

services:
  backend:
    build:
      context: ./backend
    environment:
      - AIS_API_KEY_FILE=/run/secrets/AIS_API_KEY
      - OPENSKY_CLIENT_ID_FILE=/run/secrets/OPENSKY_CLIENT_ID
      - OPENSKY_CLIENT_SECRET_FILE=/run/secrets/OPENSKY_CLIENT_SECRET
      - LTA_ACCOUNT_KEY_FILE=/run/secrets/LTA_ACCOUNT_KEY
    secrets:
      - AIS_API_KEY
      - OPENSKY_CLIENT_ID
      - OPENSKY_CLIENT_SECRET
      - LTA_ACCOUNT_KEY

secrets:
  AIS_API_KEY:
    file: ./secrets/ais_api_key.txt
  OPENSKY_CLIENT_ID:
    file: ./secrets/opensky_client_id.txt
  OPENSKY_CLIENT_SECRET:
    file: ./secrets/opensky_client_secret.txt
  LTA_ACCOUNT_KEY:
    file: ./secrets/lta_account_key.txt

Each secret file should contain only the raw key value (whitespace is trimmed).

Notes

  • The secrets loop runs before any FastAPI service imports, so modules that read os.environ at import time see the injected values.
  • Missing or empty secret files log a warning; the backend still starts.
  • You can mix approaches: use _FILE for some keys and plain env vars for others.
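
The lookup described under "How it works" and the failure behaviour listed in the Notes, written out as an added example; this is not the project's main.py. The names `load_file_secrets` and `demo`, the logger name, and the status labels are assumptions, and the secret files and values are constructed.

```python
import logging
import os
import tempfile
from pathlib import Path

log = logging.getLogger("secrets_loader")
# Names from the "Supported variables" table on this page.
SECRET_VARS = ("AIS_API_KEY", "OPENSKY_CLIENT_ID", "OPENSKY_CLIENT_SECRET",
               "LTA_ACCOUNT_KEY", "CORS_ORIGINS")


def load_file_secrets(names=SECRET_VARS, environ=os.environ):
    """Resolve VAR_FILE into VAR per name; return {VAR: status}. Hypothetical
    helper, not the project's main.py; never raises, so startup continues."""
    status = {}
    for var in names:
        path = environ.get(f"{var}_FILE")
        if not path:
            status[var] = "unset"  # a plain env var, if present, is left alone
            continue
        try:
            value = Path(path).read_text(encoding="utf-8").strip()
        except (OSError, UnicodeDecodeError) as exc:
            # Log the path and error type only, never any file content.
            log.warning("%s_FILE=%s unreadable (%s)", var, path, type(exc).__name__)
            status[var] = "unreadable"
            continue
        if not value:
            log.warning("%s_FILE=%s is empty", var, path)
            status[var] = "empty"
            continue
        environ[var] = value  # downstream code sees a normal env variable
        status[var] = "loaded"
    return status


def demo():
    """Run the loader over constructed secret files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "ais").write_text("constructed-key-123\n")  # newline is trimmed
        Path(d, "lta").write_text("  \n")                   # whitespace only
        env = {"AIS_API_KEY_FILE": str(Path(d, "ais")),
               "LTA_ACCOUNT_KEY_FILE": str(Path(d, "lta")),
               "OPENSKY_CLIENT_ID_FILE": str(Path(d, "absent")),
               "CORS_ORIGINS": "http://localhost:3000"}     # plain env var
        return load_file_secrets(environ=env), env


if __name__ == "__main__":
    print(demo()[0])
```

The returned status map gives a startup check a way to report which keys came from secret files without ever printing their values.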