Assignment1 leepeihui22004781: Secure Externalized Configuration & System Decoupling #5
Draft: PeiHui369 wants to merge 15 commits into Deans-CMS:master from PeiHui369:assignment1_leepeihui22004781
Updated database initialization and decoupled credentials using environment variables. Injected secrets from .env file for improved security.
Added database credentials and API secrets to .env file.
Add .env to .gitignore to exclude environment variables
Revert back to the original deans-deploy/deans-api/docker-compose.yaml from the repository (last edited 7 years ago) https://github.com/Deans-CMS/deans-api/blob/master/docker-compose.yaml
Refactor docker-compose to use .env for DB and service configurations, improving consistency and security.
Decoupled sensitive settings such as SECRET_KEY, database credentials, and NOTIFICATION_SERVICE_URL to read from environment variables.
Refactor cron.py to use Django settings for URLs and improve code structure.
…<-> deans-frontend)
Modified config files to make Docker able to run the application. Changes:
- Specified Python 3.6 to be compatible with Django
- Added PASSWORD env to docker postgres and specified version 9.6 for postgres
- Enabled frontend image in Docker and changed pointer to 0.0.0.0 instead of localhost so device browser can open it.
Fixed front-end could not connect to back-end:
1. Setup DB timezone to UTC.
2. Specified psycopg2-binary in requirements.txt to use version 2.8-2.9
3. Ensured nginx points to the correct proxy pass.
Pull Request: Secure Externalized Configuration & System Decoupling
1. Addressed Issues
The Dean's Crisis Management System suffered from critical security and maintainability flaws that directly impacted system stability and developer workflow.
- High-Severity Startup Failure (Tightly Coupled DB): The deployment setup failed to initialize the PostgreSQL database locally because docker-compose.yaml did not define the required POSTGRES_PASSWORD. This made the repository non-functional out of the box and prevented local development.
- High-Risk Secret Exposure: The Django Core API's SECRET_KEY was hardcoded in plaintext within deans-api/settings.py, a severe security vulnerability that exposes a private credential in the public version control history.
- Tightly Coupled Communication: Inter-service communication, specifically the scheduled report delivery in deans-api/api/cron.py, relied on a hardcoded URL (http://notification:8000/reports/). This tightly coupled the application logic to a specific network address, hindering flexibility and maintenance.
2. What Was Reengineered
The task focused on restructuring the configuration management by moving away from hardcoded secrets and values and into a secure, externalized system, adhering to the 12-Factor App methodology for configuration. This constituted a significant refactoring of the application's configuration spine.
- .env and .gitignore: Created a .env file to serve as the secure, local source for secrets (DJANGO_SECRET_KEY) and dynamic parameters (POSTGRES_*, NOTIFICATION_SERVICE_URL). Updated .gitignore so the file cannot be committed, removing the plaintext exposure risk for future commits. Note that the SECRET_KEY already committed remains readable in the repository's git history until that history is rewritten, so the key should be rotated regardless.
- docker-compose.yaml: Parameterized the db service with environment variables (e.g., ${POSTGRES_PASSWORD}). Enabled Injection: Added env_file: .env to the web, db, and cron services to inject configuration from the uncommitted file. Because env_file hands every variable in .env to each of those services, the db container also receives DJANGO_SECRET_KEY and NOTIFICATION_SERVICE_URL; a per-service environment: block would limit each container to the variables it actually needs.
- settings.py: Replaced the hardcoded SECRET_KEY string with a dynamic call to os.environ.get('DJANGO_SECRET_KEY'). Credential Decoupling: Refactored the DATABASES configuration block to read all connection parameters (NAME, USER, PASSWORD) from the environment, so the API consumes its credentials securely. Since os.environ.get() returns None when a variable is unset, Django refuses to start with an empty SECRET_KEY, while a missing database password only surfaces at the first connection attempt.
- api/cron.py: Replaced the hardcoded URL (url = "http://notification:8000/reports/") with a dynamic reference to f"{settings.NOTIFICATION_SERVICE_URL}/reports/". This abstracts the network address, completing the decoupling of the Core API's scheduling mechanism.
Configuration Decoupling:
The system's architecture was formally decoupled by establishing environment variables as the single source of truth for dependencies. This transition is essential for making the system production-ready and scalable.
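The settings.py and cron.py changes described above, written out as an added example (not code from the Deans-CMS repository or from this PR). It reads the same variable names (DJANGO_SECRET_KEY, POSTGRES_DB/USER/PASSWORD, NOTIFICATION_SERVICE_URL) but fails fast with one error naming every missing variable instead of letting os.environ.get() hand Django a None, checks that the notification URL is an absolute http(s) URL, and builds the /reports/ URL without a double slash when the base ends in "/". The names load_config, build_report_url, redact and ConfigError, the POSTGRES_HOST/POSTGRES_PORT defaults and the sample environment are assumptions made for this example.

```python
"""Added example, not part of the Deans-CMS PR: fail-fast loading of the
externalized settings the PR describes, plus the cron.py URL builder.
Function and class names and the POSTGRES_HOST/POSTGRES_PORT defaults are
assumptions for this example; the variable names follow the PR."""
import os
from typing import Mapping
from urllib.parse import urlsplit

REQUIRED_VARS = (
    "DJANGO_SECRET_KEY",
    "POSTGRES_DB",
    "POSTGRES_USER",
    "POSTGRES_PASSWORD",
    "NOTIFICATION_SERVICE_URL",
)


class ConfigError(RuntimeError):
    """Raised at startup when required configuration is missing or unsafe."""


def load_config(env: Mapping[str, str] = os.environ) -> dict:
    """Return the settings the PR externalizes, validating them up front."""
    # os.environ.get() would silently return None for an unset variable and
    # the failure would only appear later (for the DB password, at the first
    # connection). Collect every missing name so one error tells the whole story.
    missing = [name for name in REQUIRED_VARS if not env.get(name)]
    if missing:
        raise ConfigError("missing required environment variables: " + ", ".join(missing))

    secret_key = env["DJANGO_SECRET_KEY"]
    # Django-generated keys are 50 characters; refuse short keys and placeholders.
    if len(secret_key) < 50 or secret_key.lower().startswith("changeme"):
        raise ConfigError("DJANGO_SECRET_KEY is too short or a placeholder")

    url = env["NOTIFICATION_SERVICE_URL"]
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ConfigError(f"NOTIFICATION_SERVICE_URL is not an absolute http(s) URL: {url!r}")

    return {
        "SECRET_KEY": secret_key,
        "DATABASES": {
            "default": {
                "ENGINE": "django.db.backends.postgresql",
                "NAME": env["POSTGRES_DB"],
                "USER": env["POSTGRES_USER"],
                "PASSWORD": env["POSTGRES_PASSWORD"],
                # Assumed defaults: the compose service name and PostgreSQL port.
                "HOST": env.get("POSTGRES_HOST", "db"),
                "PORT": env.get("POSTGRES_PORT", "5432"),
            }
        },
        # Normalise once so callers can append paths without a double slash.
        "NOTIFICATION_SERVICE_URL": url.rstrip("/"),
    }


def build_report_url(notification_service_url: str) -> str:
    """What cron.py needs: base URL + /reports/, tolerant of a trailing slash."""
    return notification_service_url.rstrip("/") + "/reports/"


def redact(config: dict) -> dict:
    """Copy of the config that is safe to log: secrets masked, structure kept."""
    safe = dict(config)
    safe["SECRET_KEY"] = "***"
    db = dict(config["DATABASES"]["default"])
    db["PASSWORD"] = "***"
    safe["DATABASES"] = {"default": db}
    return safe


if __name__ == "__main__":
    # Constructed sample environment standing in for the uncommitted .env file.
    sample_env = {
        "DJANGO_SECRET_KEY": "x" * 50,
        "POSTGRES_DB": "deans",
        "POSTGRES_USER": "deans",
        "POSTGRES_PASSWORD": "example-only",
        "NOTIFICATION_SERVICE_URL": "http://notification:8000/",
    }
    cfg = load_config(sample_env)
    print(redact(cfg))
    print(build_report_url(cfg["NOTIFICATION_SERVICE_URL"]))
```

In a real settings.py the dictionary returned by load_config would be unpacked into module-level names (SECRET_KEY, DATABASES, NOTIFICATION_SERVICE_URL); keeping the validation in one function means a misconfigured container exits with a single readable error instead of a traceback from deep inside Django or psycopg2.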
- settings.py: SECRET_KEY now comes from DJANGO_SECRET_KEY in .env
- settings.py and docker-compose.yaml: database credentials now come from POSTGRES_DB/USER/PASSWORD in the external .env
- api/cron.py: the report URL now comes from NOTIFICATION_SERVICE_URL in settings.py (read from .env)
3. Reengineering Strategy/Approach Used
3.1 Reverse Engineering
Analysis: Systematically inspected docker-compose.yaml and deans-api/settings.py to pinpoint the hardcoded values (A: missing POSTGRES_PASSWORD, B: SECRET_KEY string) and located the tightly coupled network call (C) in deans-api/api/cron.py.
Diagnosis: Confirmed that the startup failure stemmed from a deployment configuration flaw (missing environment variable) and not from an application bug.
3.2 Alteration/Restructuring
Design Shift: The core configuration model was restructured from Insecure, Tightly-Coupled Configuration to Secure, Decoupled Environment Configuration.
Decoupling Contract: Formalized a contract mandating that all services consume secrets and dynamic parameters (DJANGO_SECRET_KEY, POSTGRES_*, NOTIFICATION_SERVICE_URL) from the external environment, eliminating the reliance on committed code for connection details.
3.3 Forward Engineering
The implementation involved modular, targeted changes to replace the flawed configuration logic:
- deans-deploy: .env and .gitignore: Created .env (stores secrets) and ensured it is listed in .gitignore to implement the security fix.
- docker-compose.yaml: Implemented Fix A: Added the environment block to the db service using ${POSTGRES_PASSWORD} and added env_file: .env to inject secrets across all services.
- settings.py: Implemented Fix B: Replaced the hardcoded SECRET_KEY and database credentials with os.environ.get() calls.
- api/cron.py: Implemented Fix C: Replaced the hardcoded URL string with f"{settings.NOTIFICATION_SERVICE_URL}/reports/", completing the decoupling of inter-service communication.
4. Impact of Changes
The changes provide immediate, measurable improvements across stability, security, and maintainability.
- Stability: Before, local startup failed because docker-compose.yaml defined no POSTGRES_PASSWORD; after, the db service reads it from the .env file and initializes.
- Security: Before, SECRET_KEY was exposed in plaintext in settings.py; after, it is supplied from the uncommitted .env file via environment injection.
- Maintainability: Before, the notification URL was hardcoded in cron.py; after, it is configured in the .env file.
Summary and Conclusion
This reengineering task, Secure and Decouple API Configuration, successfully converted a brittle, insecure application startup process into a stable, modern one. By rigorously applying Reverse Engineering to diagnose the plaintext secrets and startup failures, followed by Alteration/Restructuring to mandate environment-based configuration, the final Forward Engineering implementation fixed critical flaws in the deployment (docker-compose.yaml) and application code (settings.py, cron.py). This work significantly raised the system's security posture and its maintainability index.