Extracted secret key to environment variable for improve security (#1)

* fix(config): extracted secret key to environment variable for improved security

* fix: secret key loaded into the "run tests" step

.github/workflows/test.yaml

@@ -34,4 +34,6 @@ jobs:
           python -m pip install -r requirements.txt -r requirements-dev.txt
 
       - name: Run tests
+        env:
+          SECRET_KEY: ${{ secrets.SECRET_KEY }}
         run: python -m pytest -vv

config.py

@@ -6,6 +6,12 @@
 
 load_dotenv()
 
+SECRET_KEY = os.getenv("SECRET_KEY")
+
+if SECRET_KEY is None:
+    logger.error("`SECRET_KEY` environment variable must be set")
+    exit(1)
+
 PORT = int(os.getenv("PORT", 3000))
 HOST = os.getenv("HOST", "127.0.0.1")
 

security/json_web_tokens.py

@@ -4,7 +4,8 @@
 import jwt
 from jwt.exceptions import InvalidTokenError
 
-SECRET_KEY = "534b743934c2b72c5f910b527c84594632c3355b7b7a6d87b97cf2b3d9726550"
+from config import SECRET_KEY
+
 ALGORITHM = "HS256"
 ACCESS_TOKEN_EXPIRE_MINUTES = 30