Move hardcoded secrets to .env, add .env.example

Castopod password, DB password, BunnyCDN keys, Postiz JWT/IDs, and monitoring token all moved to environment variables. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-05 15:19:20 -07:00
parent 0bdac16250
commit 2c7fcdb5ae
6 changed files with 66 additions and 26 deletions
--- a/backend/main.py
+++ b/backend/main.py
@@ -4003,9 +4003,9 @@ def _restore_signalwire_webhook():

 # BunnyCDN config for public on-air status
 _BUNNY_STORAGE_ZONE = "lukeattheroost"
-_BUNNY_STORAGE_KEY = "92749cd3-85df-4cff-938fe35eb994-30f8-4cf2"
+_BUNNY_STORAGE_KEY = os.getenv("BUNNY_STORAGE_KEY", "")
 _BUNNY_STORAGE_REGION = "la"
-_BUNNY_ACCOUNT_KEY = "2865f279-297b-431a-ad18-0ccf1f8e4fa8cf636cea-3222-415a-84ed-56ee195c0530"
+_BUNNY_ACCOUNT_KEY = os.getenv("BUNNY_ACCOUNT_KEY", "")


 def _update_on_air_cdn(on_air: bool):