secure_setup.py
#!/usr/bin/env python3
"""
Secure setup script for PipeGuard.
Generates secure environment variables and validates configuration.
"""
import os
import secrets
import sys
def generate_secure_env():
"""Generate a secure .env file with proper settings."""
print("🔐 Generating secure environment configuration...")
# Generate secure secret key
secret_key = secrets.token_urlsafe(32)
env_content = f"""# PipeGuard Secure Configuration
# Generated on {os.popen('date').read().strip()}
# ======================
# Security Configuration
# ======================
SECRET_KEY={secret_key}
DEBUG=False
FLASK_ENV=production
# ======================
# GitHub Configuration
# ======================
GITHUB_TOKEN=your_github_personal_access_token_here
GITHUB_USER=your_github_username
GITHUB_REPO=your_repository_name
# ======================
# Google Cloud Configuration
# ======================
GOOGLE_APPLICATION_CREDENTIALS=path/to/your/service-account-key.json
GOOGLE_CLOUD_PROJECT=your-gcp-project-id
# ======================
# Email Notifications (Optional)
# ======================
SMTP_SERVER=smtp.gmail.com
SMTP_PORT=587
EMAIL_USERNAME=your_email@gmail.com
EMAIL_PASSWORD=your_app_password_or_token
FROM_EMAIL=pipeguard-alerts@yourcompany.com
# ======================
# Advanced Monitoring
# ======================
DURATION_WARNING_THRESHOLD=120
DURATION_CRITICAL_THRESHOLD=300
FAILURE_RATE_WARNING=0.1
FAILURE_RATE_CRITICAL=0.2
AUTO_REFRESH_INTERVAL=30
# ======================
# Application Settings
# ======================
FLASK_HOST=0.0.0.0
FLASK_PORT=8080
MAX_RUNS_DISPLAY=20
MAX_ANOMALIES_DISPLAY=10
API_RATE_LIMIT=100
LOG_LEVEL=INFO
"""
# Write to .env file
with open('.env', 'w') as f:
f.write(env_content)
print("✅ Secure .env file generated")
print(f"🔑 Generated SECRET_KEY: {secret_key[:16]}...")
print("⚠️ Please update GitHub credentials and other settings in .env file")
return secret_key
def setup_development_env():
    """Populate ``os.environ`` with development settings and return the new key.

    SECRET_KEY, DEBUG and FLASK_ENV are always overwritten; the GitHub
    values are only filled in when they are not already set.

    Security notes:
        * ``os.environ`` changes are visible to this process and the
          children it spawns, not to the invoking shell.
        * A new SECRET_KEY is generated on every call. Anything signed
          with an earlier key will presumably stop validating; confirm
          against how the application uses SECRET_KEY.
        * The GitHub defaults are demo placeholders, not credentials.

    Returns:
        str: the generated secret key.
    """
    print("🛠️ Setting up secure development environment...")

    session_key = secrets.token_urlsafe(32)

    # Forced values: a fresh key, debug off (secure by default) and
    # development mode.
    os.environ.update({
        'SECRET_KEY': session_key,
        'DEBUG': 'False',
        'FLASK_ENV': 'development',
    })

    # Demo placeholders never replace values the caller already exported.
    demo_defaults = (
        ('GITHUB_TOKEN', 'demo_token_for_local_dev'),
        ('GITHUB_USER', 'demo_user'),
        ('GITHUB_REPO', 'demo_repo'),
    )
    for var_name, placeholder in demo_defaults:
        os.environ.setdefault(var_name, placeholder)

    print("✅ Development environment configured securely")
    return session_key
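def validate_security():
    """Check the process environment for insecure settings and report them.

    Three things are checked, all read from ``os.environ``:

    * SECRET_KEY is set and at least 32 characters long. The threshold
      now matches the "32+ characters" wording of the message; the
      earlier code accepted anything from 16 characters up.
    * DEBUG is not ``true`` (case-insensitive) while FLASK_ENV is
      ``production``.
    * GITHUB_TOKEN does not contain ``demo`` or ``test`` while FLASK_ENV
      is ``production``.

    Only the process environment is inspected; a ``.env`` file on disk is
    not read here.

    Returns:
        bool: True when no issue was found, False otherwise. Findings are
        printed to stdout.
    """
    print("🔍 Validating security configuration...")
    min_secret_key_length = 32
    issues = []

    secret_key = os.environ.get('SECRET_KEY')
    if not secret_key:
        issues.append("SECRET_KEY not set")
    elif len(secret_key) < min_secret_key_length:
        issues.append("SECRET_KEY too short (should be 32+ characters)")

    # The two remaining checks only matter for a production deployment.
    in_production = os.environ.get('FLASK_ENV', '') == 'production'

    # NOTE(review): only the literal 'true' counts as enabled here. If the
    # application also accepts '1', 'yes' or 'on', this check should too.
    debug_mode = os.environ.get('DEBUG', '').lower()
    if debug_mode == 'true' and in_production:
        issues.append("DEBUG=True in production environment")

    github_token = os.environ.get('GITHUB_TOKEN', '').lower()
    if ('demo' in github_token or 'test' in github_token) and in_production:
        issues.append("Demo/test tokens used in production")

    if issues:
        print("⚠️ Security validation issues:")
        for issue in issues:
            print(f" • {issue}")
        return False

    print("✅ Security validation passed")
    return True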
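def main():
    """Run the setup selected on the command line, then validate.

    With ``--generate-env`` as the first argument a ``.env`` file is
    written; otherwise development values are placed in this process's
    environment. Validation then inspects the process environment.

    The closing banner reflects the validation result; it is no longer an
    unconditional success message.

    NOTE(review): in ``--generate-env`` mode the file just written is not
    loaded into the environment by this function, so validation reports
    on whatever the invoking environment held, not on the new ``.env``.
    """
    print("🔒 PipeGuard Secure Setup")
    print("=" * 30)

    if len(sys.argv) > 1 and sys.argv[1] == '--generate-env':
        generate_secure_env()
    else:
        setup_development_env()

    validation_passed = validate_security()

    if validation_passed:
        print("\n🎯 Security Setup Complete!")
    else:
        # Do not claim success when the checks above reported problems.
        print("\n⚠️ Security setup finished with validation issues (see above)")

    print("\nNext steps:")
    print("1. Review and update .env file with your actual credentials")
    print("2. Run: python security_check.py")
    print("3. Run: python run_local.py")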
# Run the setup only when executed as a script, so importing this module
# never writes a .env file or modifies os.environ as a side effect.
if __name__ == "__main__":
    main()