LengKundee/MQL5-Google-Onedrive
LengKundee/MQL5-Google-Onedrive
0
0
Fork 1
mirror of https://github.com/A6-9V/MQL5-Google-Onedrive.git synced 2026-04-10 20:40:56 +00:00
Code Issues Projects Releases 1 Packages Activity Actions
MQL5-Google-Onedrive/docs/Secrets_Management.md
copilot-swe-agent[bot] e1d193b6f9 Security fix: Replace real credentials with placeholders in docs and examples 
Co-authored-by: Mouy-leng <199350297+Mouy-leng@users.noreply.github.com>
2026-02-08 04:15:17 +00:00

71 lines
2.3 KiB
Markdown
Raw Permalink Blame History

# Secrets Management Guide
This guide explains how to manage sensitive information (API keys, tokens, etc.) in this repository.
## Local Secrets
### 1. `.env` File
You can use a `.env` file for local development and automation.
- **File**: `.env` (copy from `.env.example`)
- **Status**: Gitignored (never committed)
- **Usage**: Automatically loaded by many scripts or can be sourced in shell.
### 2. `config/vault.json`
A more structured way to store credentials, used by specific scripts like `scripts/load_vault.py`.
- **File**: `config/vault.json`
- **Status**: Gitignored (never committed)
- **Template**: See `config/vault.json.example`
- **Structure**:
```json
{
"cloudflare": {
"zone_id": "your_zone_id",
"account_id": "your_account_id",
"domain": "your_domain.com"
},
"telegram_bot": {
"name": "t.me/your_bot_name",
"token": "your_bot_token_here",
"api": "your_bot_token_here",
"allowed_user_ids": [123456789],
"webhook_url": "https://core.telegram.org/bots/api"
},
"github": {
"pat": "your_github_personal_access_token_here"
}
}
```
## GitHub Secrets
GitHub Secrets are used for CI/CD workflows (GitHub Actions).
### Required Secrets
- `RCLONE_CONFIG_B64`: Required for OneDrive sync.
- `CLOUDFLARE_ZONE_ID`: Required for Cloudflare automation.
- `CLOUDFLARE_ACCOUNT_ID`: Required for Cloudflare automation.
- `DOMAIN_NAME`: Required for domain management.
### Optional Secrets
- `SCRSOR`: Firefox Relay API key.
- `COPILOT`: Firefox Relay API key.
- `TELEGRAM_BOT_TOKEN`: For Telegram notifications.
## Automation Tools
### Setting GitHub Secrets Automatically
If you have the [GitHub CLI (gh)](https://cli.github.com/) installed and authenticated, you can use the provided script to upload your local secrets to GitHub:
```bash
# Upload from vault.json (default)
bash scripts/set_github_secrets.sh vault
# Upload from .env
bash scripts/set_github_secrets.sh env
```
## Best Practices
1. **Never commit secrets**: Always verify that your secret files are listed in `.gitignore`.
2. **Use placeholders**: When adding new secrets, update `.env.example` with placeholders.
3. **Rotate regularly**: Change your API keys and tokens periodically.
4. **Minimal permissions**: Create API tokens with the minimum required scopes.
Reference in a new issue View git blame Copy permalink