Backend Configuration Secrets Validation #151

@alexchristy

Description

Because our backend configuration uses the pydantic settings class, we can add field validators that raise an exception if the app is being started with default values for secrets that should be changed. This would prevent users from accidentally using insecure setups.

Example:

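from pydantic import Field, field_validator
from pydantic_settings import BaseSettings

# SETTINGS_CONFIG is defined elsewhere in the backend configuration.


class AuthSettings(BaseSettings):
    """Authentication settings."""
    model_config = SETTINGS_CONFIG

    # validate_default=True makes the validator below run on the default too.
    ADMIN_PASSWORD: str = Field(default="admin123", validate_default=True)  # noqa: S105 (Default)

    # ...

    @field_validator("ADMIN_PASSWORD")
    @classmethod
    def validate_admin_password(cls, v: str) -> str:
        """Ensures the default admin password is changed."""
        # Compare against the declared default rather than a second literal.
        if v == cls.model_fields["ADMIN_PASSWORD"].default:
            raise ValueError(
                "Insecure ADMIN_PASSWORD: Please change the default admin password."
            )
        return v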

Metadata

Labels: backend (Related to the OpenLabs backend/API)

Status: Backlog