
Harden Docker defaults for admin bootstrap and secrets #93

Status: Closed

pparage wants to merge 1 commit into master from codex/fix-docker-security-vulnerability


Conversation

pparage (Contributor) commented Apr 15, 2026

Motivation

  • Remove insecure Docker defaults that created a predictable admin/password account and exposed static Flask signing secrets, which allowed remote takeover when the container was run with defaults.
  • Make admin bootstrap and signing material opt-in or configurable so deployed containers do not ship public credentials or fixed SECRET_KEY values.

Description

  • Change entrypoint.sh so flask create_admin runs only when MOSP_ADMIN_PASSWORD is explicitly provided, with optional MOSP_ADMIN_LOGIN and MOSP_ADMIN_EMAIL overrides, instead of always creating admin/password.
  • Update instance/docker.py to import secrets and set SECRET_KEY and SECURITY_PASSWORD_SALT from environment variables with secure random fallbacks via secrets.token_urlsafe(32).
  • Preserve existing behavior for users who explicitly provide SECRET_KEY, SECURITY_PASSWORD_SALT, or MOSP_ADMIN_* environment variables while removing unsafe defaults.

Testing

  • Ran bash -n entrypoint.sh which returned no syntax errors and succeeded.
  • Ran python -m py_compile instance/docker.py which completed successfully with no compilation errors.

chatgpt-codex-connector (Bot) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2763e6b28a


Comment thread instance/docker.py
Comment on lines +31 to +32
SECRET_KEY = os.getenv("SECRET_KEY", secrets.token_urlsafe(32))
SECURITY_PASSWORD_SALT = os.getenv("SECURITY_PASSWORD_SALT", secrets.token_urlsafe(32))

P1: Generate stable secret defaults across workers

SECRET_KEY and SECURITY_PASSWORD_SALT are now generated with secrets.token_urlsafe(32) at import time, so each Gunicorn worker gets different values when env vars are unset. In this repo the entrypoint launches gunicorn --workers 2, so session cookies/CSRF tokens issued by one worker are invalid on requests handled by the other, causing intermittent logouts and form failures in the default Docker deployment. The fallback needs to be process-stable (shared env/file/derived once before workers) rather than per-worker random generation.

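A process-stable fallback of the kind the comment asks for, as an added example that is not part of this PR or the project's code: the environment variable wins, otherwise a secret file is created exactly once (O_CREAT|O_EXCL, mode 0600) so every worker reads the same value. The variable name DEMO_SECRET_KEY, the file path and the two-worker simulation are constructed for the demo.

```python
import os
import secrets
import tempfile


def naive_default(env_name: str) -> str:
    """The pattern the review flagged: evaluated at import time in every
    Gunicorn worker, so each worker gets its own random value when unset."""
    return os.getenv(env_name, secrets.token_urlsafe(32))


def load_or_create_secret(env_name: str, path: str, nbytes: int = 32) -> str:
    """Process-stable fallback: explicit env var > existing secret file > a value
    generated once and written with O_CREAT|O_EXCL (mode 0600). If two workers
    race to create the file only one wins; the other re-reads the winner's value."""
    value = os.getenv(env_name)
    if value:
        return value
    try:
        with open(path, encoding="utf-8") as fh:
            return fh.read().strip()
    except FileNotFoundError:
        pass
    candidate = secrets.token_urlsafe(nbytes)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        # Lost the race: another worker already wrote the file; use its value.
        with open(path, encoding="utf-8") as fh:
            return fh.read().strip()
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(candidate)
    return candidate


def demo() -> dict:
    """Constructed scenario: two workers start with DEMO_SECRET_KEY (a made-up
    variable) unset, then a third run supplies it explicitly."""
    os.environ.pop("DEMO_SECRET_KEY", None)
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "secret_key")
        workers = [load_or_create_secret("DEMO_SECRET_KEY", path) for _ in range(2)]
        mode = os.stat(path).st_mode & 0o777
        os.environ["DEMO_SECRET_KEY"] = "explicit-from-env"
        explicit = load_or_create_secret("DEMO_SECRET_KEY", path)
    os.environ.pop("DEMO_SECRET_KEY", None)
    return {"workers_agree": workers[0] == workers[1], "length": len(workers[0]),
            "mode": mode, "explicit": explicit}
```

The generated file lives in the container's writable layer, so sessions still reset when the container is recreated; setting the variable explicitly or keeping the file on a volume avoids that.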

@pparage pparage closed this Apr 16, 2026
pparage (Contributor, Author) commented Apr 16, 2026

0.18 PR request fixes this
