11218753ce
Closes #5 of the post-Codex hardening list: * Settings UI now shows a `[set]` (green) or `[unset]` (gray) badge next to every password/key field. Tells the operator at a glance which secrets are configured without ever rendering the value. * SSH key gets a granular source label: `set (environment variable)`, `set (mounted secret)`, or `set (stored in settings DB — prefer a mounted secret in production)`. Same hint copy in the field's help text now actively recommends `/run/secrets/ssh_key` over the textarea. * New `GET /api/v1/settings/redacted` admin-only endpoint dumps every editable setting with secrets replaced by `***`, plus the per-secret status map. Useful for ops triage ("what's actually loaded?") without the secrets ever leaving the container or hitting a transcript. * `POST /api/v1/settings` writes a `settings_secret_changed` audit event whenever a non-empty secret is rotated. Records field names, operator, source IP — never the value. Lets the audit page answer "who rotated the SMTP password last week?". Internal: `_SECRET_FIELDS` constant in routes.py is now the single source of truth for which fields get the redaction / audit treatment. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| components | ||
| audit.html | ||
| dashboard.html | ||
| history.html | ||
| job_detail.html | ||
| job_print.html | ||
| layout.html | ||
| login.html | ||
| settings.html | ||
| stats.html | ||