
🔒 Security Hardening: Fix Weak JWT Secrets and SSL Configuration #3

@Reg-Kris


Problem

Multiple security configuration issues have been identified that need immediate attention.

Security Issues

1. Weak JWT Secrets

Current Issues:

  • Weak/predictable JWT secrets in multiple files
  • JWT_SECRET=pyairtable-jwt-secret-key-development-only (predictable)
  • Short secrets that are vulnerable to brute force

Files Affected:

  • /Users/kg/IdeaProjects/pyairtable-compose/.env
  • /Users/kg/IdeaProjects/pyairtable-compose/auth-service.env

2. Database SSL Disabled

Current Configuration:

DATABASE_URL=postgres://postgres:password@localhost:5432/pyairtable_auth?sslmode=disable

Impact: Unencrypted database traffic, vulnerable to man-in-the-middle attacks

3. Insecure CORS Configuration

Current: CORS_ORIGINS=* (allows any origin)
Risk: Cross-origin attacks, data leakage, CSRF vulnerabilities

4. Default Database Passwords

Current: Using default passwords like "password" in configuration
Risk: Easy credential guessing, unauthorized database access

Recommended Fixes

Generate Strong JWT Secrets

# Generate cryptographically secure JWT secret
openssl rand -base64 64

Enable Database SSL

# Update all database URLs
DATABASE_URL=postgresql://user:password@host:5432/db?sslmode=require

Configure CORS Properly

# Specify allowed origins
CORS_ORIGINS=https://yourdomain.com,https://app.yourdomain.com

Use Strong Database Passwords

# Generate secure password
openssl rand -base64 32

Implementation Checklist

  • Generate new JWT secrets (minimum 256-bit)
  • Update all database connections to use SSL
  • Configure CORS with specific allowed origins
  • Replace all default passwords with strong ones
  • Implement secret rotation policy
  • Add rate limiting configuration
  • Set up automated security scanning
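
As an added example (not part of this issue or the pyairtable project), the following POSIX shell audit checks a dotenv-style file for the four findings listed above: short or placeholder JWT_SECRET, DATABASE_URL without enforced TLS, a default database password, and a wildcard CORS_ORIGINS. The variable names match the issue; the weak-password list and the sample files in the comments are constructed for the demonstration. It also emits an advisory that sslmode=require encrypts the connection but does not by itself verify the server's certificate, which verify-full does.

```shell
#!/bin/sh
# Added example: audit a dotenv file for the findings in this issue.
# Findings go to stdout, one per line; advisories go to stderr (not counted).

# env_get FILE KEY: last value assigned to KEY, surrounding double quotes removed.
env_get() {
    grep -E "^[[:space:]]*$2=" "$1" | tail -n 1 | sed -e 's/^[^=]*=//' -e 's/^"//' -e 's/"$//'
}

audit_env_file() {
    file=$1

    jwt=$(env_get "$file" JWT_SECRET)
    # 256 bits base64-encode to 43 (unpadded) or 44 chars; shorter cannot hold 256 bits.
    if [ -n "$jwt" ] && [ "${#jwt}" -lt 43 ]; then
        echo "JWT_SECRET: too short (${#jwt} chars; 256 bits needs at least 43 base64 chars)"
    fi
    case "$jwt" in
        *development*|*secret-key*|*example*|*changeme*)
            echo "JWT_SECRET: looks like a placeholder, not a random value" ;;
    esac

    db=$(env_get "$file" DATABASE_URL)
    case "$db" in
        "") ;;
        *sslmode=disable*|*sslmode=allow*|*sslmode=prefer*)
            echo "DATABASE_URL: sslmode does not force TLS" ;;
        *sslmode=require*)
            echo "advisory: sslmode=require encrypts but does not verify the server certificate; use verify-full" >&2 ;;
        *sslmode=*) ;;
        *) echo "DATABASE_URL: no sslmode set (libpq default 'prefer' falls back to plaintext)" ;;
    esac
    if [ -n "$db" ]; then
        # The password is the part between "user:" and "@" in scheme://user:password@host/...
        pw=$(printf '%s\n' "$db" | sed -n 's#^[a-z]*://[^:/@]*:\([^@]*\)@.*#\1#p')
        case "$pw" in   # constructed list of well-known defaults
            ""|password|postgres|admin|root|123456|changeme)
                echo "DATABASE_URL: default, well-known or empty database password" ;;
        esac
    fi

    cors=$(env_get "$file" CORS_ORIGINS)
    case "$cors" in
        *'*'*) echo "CORS_ORIGINS: wildcard origin lets any site call the API" ;;
    esac
    return 0
}

# count_env_findings FILE: number of finding lines, advisories excluded.
count_env_findings() {
    audit_env_file "$1" 2>/dev/null | wc -l | tr -d ' '
}
```

Run it as `audit_env_file .env` for each file in the "Files Affected" list; a clean file produces no stdout lines.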

Priority: P0 - Critical Security

These vulnerabilities could lead to unauthorized access and data breaches.

Files to Update

  • All .env files
  • docker-compose.yml
  • Service configuration files
  • Database connection strings

🤖 Generated with Claude Code
