From 266e300de128057ed1ad01e6068f061ea4d99801 Mon Sep 17 00:00:00 2001 From: Parth Bhatt Date: Sat, 24 Jan 2026 21:30:03 +0530 Subject: [PATCH] Fix: Add missing SECRET_KEY and ALTCHA_HMAC_KEY to docker.env Also added a security warning comment to avoid using default credentials in production. Signed-off-by: Parth Bhatt --- docker.env | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docker.env b/docker.env index bc0c3c9d5..f587e8335 100644 --- a/docker.env +++ b/docker.env @@ -1,8 +1,14 @@ +# WARNING: These are default values for local development only. +# DO NOT use these values in production. Generate proper secret keys. POSTGRES_DB=vulnerablecode + POSTGRES_USER=vulnerablecode POSTGRES_PASSWORD=vulnerablecode VULNERABLECODE_DB_HOST=db VULNERABLECODE_STATIC_ROOT=/var/vulnerablecode/static/ -VULNERABLECODE_REDIS_HOST=vulnerablecode_redis \ No newline at end of file +VULNERABLECODE_REDIS_HOST=vulnerablecode_redis +SECRET_KEY=secret +ALTCHA_HMAC_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef +# ALTCHA_HMAC_KEY must be a 32-byte (64 hex characters) hexadecimal key; override this value in production.