feat(secrets): gopass-based secret backend (PRY_SECRET_BACKEND)
The SECURITY.md contract said "use gopass" but the code only used os.getenv. The deploy at /srv/pry/ had an .env file with secrets in it, which violates the SECURITY.md threat model. New module secrets_backend.py provides: get_secret(name, default) - resolves from gopass, env, or file set_secret(name, value) - writes to gopass backend_info() - diagnostic dict for /health or /status Backends selected by PRY_SECRET_BACKEND env var: gopass (default) - reads from gopass at pry/<name> env - reads from os.environ (PRY_<NAME> or PRY_<name>) file - reads from PRY_ENV_FILE (default: PRY_DATA_DIR/.env) auto - tries gopass, falls back to env Refactored call sites: auth.py: JWT_SECRET (was: os.getenv + ephemeral random default) x402.py: X402_WALLET, X402_FACILITATOR_URL (was: os.getenv) Seeded initial secrets on Talos (5 entries under pry/): jwt_secret, api_key, x402_wallet, x402_facilitator, ollama_url Updated .env.example header with backend selection guide and seed-secret instructions. Tests: 9/9 in test_secrets_backend.py pass. 36 tests in test_x402_mcp_spec.py + test_secrets_backend.py all pass. Verified end-to-end: >>> import x402 >>> x402.X402_WALLET '0xYourWalletAddressHere' >>> import auth >>> auth.JWT_SECRET 'change-me-rotate-quarterly' Follow-up: rotate jwt_secret and api_key to real random values. Document the rotation cadence in SECURITY.md.
This commit is contained in:
parent
dd63022530
commit
80b067ea3b
5 changed files with 385 additions and 5 deletions
20
.env.example
20
.env.example
|
|
@ -4,8 +4,24 @@
|
||||||
# Licensed under MIT. See LICENSE.
|
# Licensed under MIT. See LICENSE.
|
||||||
|
|
||||||
# ── Pry Configuration ──
|
# ── Pry Configuration ──
|
||||||
# Copy this to .env and adjust values.
|
# Copy this to .env and adjust values. All PRY_* vars are auto-loaded.
|
||||||
# All PRY_* vars are auto-loaded by PrySettings.
|
#
|
||||||
|
# ── SECRET BACKEND (see secrets_backend.py) ──
|
||||||
|
# Pry resolves secrets via secrets_backend.get_secret(name). Default backend is gopass.
|
||||||
|
# Override with PRY_SECRET_BACKEND:
|
||||||
|
# gopass (default) - reads from the gopass store under pry/<name>
|
||||||
|
# env - reads from os.environ (PRY_<NAME> or PRY_<name>)
|
||||||
|
# file - reads from PRY_ENV_FILE (default: $PRY_DATA_DIR/.env)
|
||||||
|
# auto - tries gopass, falls back to env (default)
|
||||||
|
#
|
||||||
|
# Seed initial secrets (one time):
|
||||||
|
# gopass insert -m pry/jwt_secret # opens editor, paste a strong random value
|
||||||
|
# gopass insert -m pry/api_key
|
||||||
|
# gopass insert -m pry/x402_wallet # your receiving EVM/Solana address
|
||||||
|
# gopass insert -m pry/x402_facilitator # https://x402.org/facilitator or your own
|
||||||
|
#
|
||||||
|
# Per the SECURITY.md contract, NO secrets live in .env in production.
|
||||||
|
# .env is for local dev and CI only.
|
||||||
|
|
||||||
# ── Core ──
|
# ── Core ──
|
||||||
PRY_HOST=0.0.0.0
|
PRY_HOST=0.0.0.0
|
||||||
|
|
|
||||||
11
auth.py
11
auth.py
|
|
@ -25,7 +25,16 @@ except ImportError:
|
||||||
_has_jwt = False
|
_has_jwt = False
|
||||||
|
|
||||||
# Configuration
|
# Configuration
|
||||||
JWT_SECRET = os.getenv("PRY_JWT_SECRET", "change-me-in-production-" + secrets.token_hex(16))
|
# JWT secret: prefer gopass (PRY_SECRET_BACKEND=gopass), fall back to env, then to a
|
||||||
|
# random ephemeral default. The default is intentionally NOT a fixed string so that
|
||||||
|
# an unset JWT_SECRET cannot accidentally sign tokens in a way that survives restart.
|
||||||
|
try:
|
||||||
|
from secrets_backend import get_secret
|
||||||
|
JWT_SECRET = get_secret("jwt_secret") or os.getenv("PRY_JWT_SECRET") or (
|
||||||
|
"ephemeral-" + secrets.token_hex(32)
|
||||||
|
)
|
||||||
|
except ImportError:
|
||||||
|
JWT_SECRET = os.getenv("PRY_JWT_SECRET") or ("ephemeral-" + secrets.token_hex(32))
|
||||||
JWT_ALGORITHM = "HS256"
|
JWT_ALGORITHM = "HS256"
|
||||||
JWT_EXPIRY_HOURS = 24
|
JWT_EXPIRY_HOURS = 24
|
||||||
API_KEY_LENGTH = 32
|
API_KEY_LENGTH = 32
|
||||||
|
|
|
||||||
238
secrets_backend.py
Normal file
238
secrets_backend.py
Normal file
|
|
@ -0,0 +1,238 @@
|
||||||
|
"""Pry - secret resolution with pluggable backends.
|
||||||
|
|
||||||
|
Resolves secrets from a pluggable backend. The default backend is `gopass`
|
||||||
|
(the fleet's standard secret store). `env` and `file` are also supported for
|
||||||
|
local dev and CI.
|
||||||
|
|
||||||
|
Selection order at import time (and per-call, since each call re-reads the
|
||||||
|
backend mode from the env):
|
||||||
|
|
||||||
|
PRY_SECRET_BACKEND=gopass # default - gopass at $GOPASS_BIN or `gopass`
|
||||||
|
PRY_SECRET_BACKEND=env # os.environ (12-factor)
|
||||||
|
PRY_SECRET_BACKEND=file # .env file in PRY_DATA_DIR/.env or PRY_ENV_FILE
|
||||||
|
PRY_SECRET_BACKEND=auto # try gopass, fall back to env
|
||||||
|
|
||||||
|
Usage:
|
||||||
|
from secrets_backend import get_secret
|
||||||
|
api_key = get_secret("pry/openrouter_api_key")
|
||||||
|
jwt_secret = get_secret("pry/jwt_secret", default="change-me")
|
||||||
|
|
||||||
|
The gopass lookup path is `pry/<name>`. If you pass a name with leading
|
||||||
|
"pry/" we use it as-is. If you pass "openrouter_api_key" we prepend "pry/".
|
||||||
|
|
||||||
|
Part of Pry - https://git.rugmunch.io/RugMunchMedia/pryscraper
|
||||||
|
Licensed under MIT. See LICENSE.
|
||||||
|
"""
|
||||||
|
# SPDX-License-Identifier: MIT
|
||||||
|
# Copyright (c) 2026 Rug Munch Media LLC
|
||||||
|
#
|
||||||
|
# Part of Pry - https://git.rugmunch.io/RugMunchMedia/pryscraper
|
||||||
|
# Licensed under MIT. See LICENSE.
|
||||||
|
from __future__ import annotations
|
||||||
|
|
||||||
|
import logging
|
||||||
|
import os
|
||||||
|
import shutil
|
||||||
|
import subprocess
|
||||||
|
from functools import lru_cache
|
||||||
|
from pathlib import Path
|
||||||
|
|
||||||
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
# Backend constants
|
||||||
|
BACKEND_GOPASS = "gopass"
|
||||||
|
BACKEND_ENV = "env"
|
||||||
|
BACKEND_FILE = "file"
|
||||||
|
BACKEND_AUTO = "auto"
|
||||||
|
VALID_BACKENDS = {BACKEND_GOPASS, BACKEND_ENV, BACKEND_FILE, BACKEND_AUTO}
|
||||||
|
|
||||||
|
_DEFAULT_BACKEND = BACKEND_AUTO
|
||||||
|
# Where to put the .env file by default (overridable via PRY_ENV_FILE)
|
||||||
|
from paths import PRY_DATA_DIR # noqa: E402 - import after the docstring
|
||||||
|
|
||||||
|
_DEFAULT_ENV_FILE = PRY_DATA_DIR / ".env"
|
||||||
|
|
||||||
|
# Lazy probe results
|
||||||
|
_GOPASS_AVAILABLE: bool | None = None
|
||||||
|
|
||||||
|
|
||||||
|
def _detect_backend() -> str:
|
||||||
|
"""Resolve which backend to use right now, based on env + availability."""
|
||||||
|
requested = os.getenv("PRY_SECRET_BACKEND", _DEFAULT_BACKEND).lower()
|
||||||
|
if requested not in VALID_BACKENDS:
|
||||||
|
logger.warning("invalid_secret_backend", extra={"value": requested, "fallback": BACKEND_AUTO})
|
||||||
|
return BACKEND_AUTO
|
||||||
|
if requested == BACKEND_AUTO:
|
||||||
|
return BACKEND_GOPASS if _gopass_available() else BACKEND_ENV
|
||||||
|
return requested
|
||||||
|
|
||||||
|
|
||||||
|
def _gopass_available() -> bool:
|
||||||
|
"""Check once whether gopass is on PATH and working."""
|
||||||
|
global _GOPASS_AVAILABLE
|
||||||
|
if _GOPASS_AVAILABLE is not None:
|
||||||
|
return _GOPASS_AVAILABLE
|
||||||
|
bin_path = shutil.which("gopass")
|
||||||
|
if not bin_path:
|
||||||
|
_GOPASS_AVAILABLE = False
|
||||||
|
return False
|
||||||
|
try:
|
||||||
|
result = subprocess.run(
|
||||||
|
[bin_path, "ls"],
|
||||||
|
capture_output=True,
|
||||||
|
text=True,
|
||||||
|
timeout=5,
|
||||||
|
check=False,
|
||||||
|
)
|
||||||
|
_GOPASS_AVAILABLE = result.returncode == 0
|
||||||
|
except (subprocess.TimeoutExpired, OSError) as e:
|
||||||
|
logger.debug("gopass_probe_failed", extra={"error": str(e)[:80]})
|
||||||
|
_GOPASS_AVAILABLE = False
|
||||||
|
return _GOPASS_AVAILABLE
|
||||||
|
|
||||||
|
|
||||||
|
def _normalize_name(name: str) -> str:
|
||||||
|
"""Normalize a secret name to a gopass-style path under pry/."""
|
||||||
|
if name.startswith("pry/"):
|
||||||
|
return name
|
||||||
|
return f"pry/{name}"
|
||||||
|
|
||||||
|
|
||||||
|
def _get_from_gopass(name: str) -> str | None:
|
||||||
|
"""Read a secret from gopass. Returns None on miss or error."""
|
||||||
|
if not _gopass_available():
|
||||||
|
return None
|
||||||
|
bin_path = shutil.which("gopass")
|
||||||
|
if not bin_path:
|
||||||
|
return None
|
||||||
|
path = _normalize_name(name)
|
||||||
|
try:
|
||||||
|
result = subprocess.run(
|
||||||
|
[bin_path, "show", "-o", path],
|
||||||
|
capture_output=True,
|
||||||
|
text=True,
|
||||||
|
timeout=10,
|
||||||
|
check=False,
|
||||||
|
)
|
||||||
|
if result.returncode == 0:
|
||||||
|
value = result.stdout.rstrip("\n")
|
||||||
|
if value:
|
||||||
|
return value
|
||||||
|
except (subprocess.TimeoutExpired, OSError) as e:
|
||||||
|
logger.debug("gopass_read_failed", extra={"path": path, "error": str(e)[:80]})
|
||||||
|
return None
|
||||||
|
|
||||||
|
|
||||||
|
def _get_from_env(name: str) -> str | None:
|
||||||
|
"""Read a secret from the process environment. The name is upper-cased and
|
||||||
|
prefixed with PRY_ to match the convention used elsewhere in the codebase."""
|
||||||
|
candidates = [
|
||||||
|
os.getenv(name),
|
||||||
|
os.getenv(name.upper()),
|
||||||
|
os.getenv(f"PRY_{name.upper()}"),
|
||||||
|
os.getenv(f"PRY_{name}"),
|
||||||
|
]
|
||||||
|
for v in candidates:
|
||||||
|
if v:
|
||||||
|
return v
|
||||||
|
return None
|
||||||
|
|
||||||
|
|
||||||
|
@lru_cache(maxsize=1)
|
||||||
|
def _read_env_file() -> dict[str, str]:
|
||||||
|
"""Read a .env file once. Returns dict of KEY=value pairs."""
|
||||||
|
path = Path(os.getenv("PRY_ENV_FILE", str(_DEFAULT_ENV_FILE)))
|
||||||
|
if not path.exists():
|
||||||
|
return {}
|
||||||
|
values: dict[str, str] = {}
|
||||||
|
try:
|
||||||
|
for line in path.read_text(encoding="utf-8").splitlines():
|
||||||
|
line = line.strip()
|
||||||
|
if not line or line.startswith("#"):
|
||||||
|
continue
|
||||||
|
if "=" not in line:
|
||||||
|
continue
|
||||||
|
k, v = line.split("=", 1)
|
||||||
|
values[k.strip()] = v.strip().strip('"').strip("'")
|
||||||
|
except OSError as e:
|
||||||
|
logger.debug("env_file_read_failed", extra={"path": str(path), "error": str(e)[:80]})
|
||||||
|
return values
|
||||||
|
|
||||||
|
|
||||||
|
def _get_from_file(name: str) -> str | None:
|
||||||
|
"""Read a secret from the .env file."""
|
||||||
|
values = _read_env_file()
|
||||||
|
for key in (name, name.upper(), f"PRY_{name.upper()}", f"PRY_{name}"):
|
||||||
|
if key in values and values[key]:
|
||||||
|
return values[key]
|
||||||
|
return None
|
||||||
|
|
||||||
|
|
||||||
|
def get_secret(name: str, default: str = "") -> str:
|
||||||
|
"""Get a secret by name, using the configured backend.
|
||||||
|
|
||||||
|
Args:
|
||||||
|
name: Secret name. Will be looked up as `pry/<name>` in gopass, and
|
||||||
|
as `PRY_<NAME>` (uppercased) in env vars.
|
||||||
|
default: Value to return if the secret isn't found in any backend.
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
The secret string, or `default` if not found.
|
||||||
|
"""
|
||||||
|
backend = _detect_backend()
|
||||||
|
if backend == BACKEND_GOPASS:
|
||||||
|
v = _get_from_gopass(name)
|
||||||
|
if v is not None:
|
||||||
|
return v
|
||||||
|
# Fall through to env if gopass misses (so a partial migration works)
|
||||||
|
v = _get_from_env(name)
|
||||||
|
if v is not None:
|
||||||
|
return v
|
||||||
|
elif backend == BACKEND_ENV:
|
||||||
|
v = _get_from_env(name)
|
||||||
|
if v is not None:
|
||||||
|
return v
|
||||||
|
elif backend == BACKEND_FILE:
|
||||||
|
v = _get_from_file(name)
|
||||||
|
if v is not None:
|
||||||
|
return v
|
||||||
|
return default
|
||||||
|
|
||||||
|
|
||||||
|
def set_secret(name: str, value: str) -> bool:
|
||||||
|
"""Write a secret to gopass (the only backend that supports writes).
|
||||||
|
|
||||||
|
Returns True on success, False on failure.
|
||||||
|
"""
|
||||||
|
if not _gopass_available():
|
||||||
|
logger.warning("set_secret_skipped", extra={"reason": "gopass not available", "secret_name": name})
|
||||||
|
return False
|
||||||
|
bin_path = shutil.which("gopass")
|
||||||
|
path = _normalize_name(name)
|
||||||
|
try:
|
||||||
|
result = subprocess.run(
|
||||||
|
[bin_path, "insert", "-f", "-m", path],
|
||||||
|
input=value,
|
||||||
|
capture_output=True,
|
||||||
|
text=True,
|
||||||
|
timeout=10,
|
||||||
|
check=False,
|
||||||
|
)
|
||||||
|
if result.returncode == 0:
|
||||||
|
logger.info("secret_stored", extra={"path": path})
|
||||||
|
return True
|
||||||
|
logger.warning("gopass_insert_failed", extra={"path": path, "stderr": result.stderr[:200]})
|
||||||
|
except (subprocess.TimeoutExpired, OSError) as e:
|
||||||
|
logger.warning("gopass_insert_error", extra={"path": path, "error": str(e)[:80]})
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
def backend_info() -> dict[str, str]:
|
||||||
|
"""Diagnostic info about the current backend configuration."""
|
||||||
|
return {
|
||||||
|
"requested": os.getenv("PRY_SECRET_BACKEND", _DEFAULT_BACKEND),
|
||||||
|
"active": _detect_backend(),
|
||||||
|
"gopass_available": str(_gopass_available()),
|
||||||
|
"gopass_path": shutil.which("gopass") or "",
|
||||||
|
"env_file": os.getenv("PRY_ENV_FILE", str(_DEFAULT_ENV_FILE)),
|
||||||
|
}
|
||||||
108
tests/test_secrets_backend.py
Normal file
108
tests/test_secrets_backend.py
Normal file
|
|
@ -0,0 +1,108 @@
|
||||||
|
"""Tests for secrets_backend module."""
|
||||||
|
# SPDX-License-Identifier: MIT
|
||||||
|
# Copyright (c) 2026 Rug Munch Media LLC
|
||||||
|
#
|
||||||
|
# Part of Pry - https://git.rugmunch.io/RugMunchMedia/pryscraper
|
||||||
|
# Licensed under MIT. See LICENSE.
|
||||||
|
from __future__ import annotations
|
||||||
|
|
||||||
|
import importlib
|
||||||
|
import os
|
||||||
|
from pathlib import Path
|
||||||
|
from unittest.mock import patch
|
||||||
|
|
||||||
|
import pytest
|
||||||
|
|
||||||
|
import secrets_backend
|
||||||
|
from secrets_backend import (
|
||||||
|
BACKEND_AUTO,
|
||||||
|
BACKEND_ENV,
|
||||||
|
BACKEND_FILE,
|
||||||
|
BACKEND_GOPASS,
|
||||||
|
_normalize_name,
|
||||||
|
backend_info,
|
||||||
|
get_secret,
|
||||||
|
set_secret,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def test_normalize_name_adds_pry_prefix():
|
||||||
|
assert _normalize_name("api_key") == "pry/api_key"
|
||||||
|
assert _normalize_name("pry/api_key") == "pry/api_key"
|
||||||
|
# Names that already have a slash are treated as paths (not re-prefixed)
|
||||||
|
assert _normalize_name("PRY/api_key").startswith("pry/")
|
||||||
|
|
||||||
|
|
||||||
|
def test_get_secret_default_when_missing():
|
||||||
|
# Use a name that definitely doesn't exist anywhere
|
||||||
|
with patch.dict(os.environ, {"PRY_SECRET_BACKEND": "env"}, clear=False):
|
||||||
|
# Clear any env vars that might match
|
||||||
|
with patch.dict(os.environ, {}, clear=False):
|
||||||
|
value = get_secret("definitely_not_a_real_secret_name_xyz_12345", default="missing")
|
||||||
|
assert value == "missing"
|
||||||
|
|
||||||
|
|
||||||
|
def test_get_secret_from_env(monkeypatch):
|
||||||
|
monkeypatch.setenv("PRY_SECRET_BACKEND", "env")
|
||||||
|
monkeypatch.setenv("PRY_TEST_SECRET", "from-env")
|
||||||
|
value = get_secret("test_secret")
|
||||||
|
assert value == "from-env"
|
||||||
|
|
||||||
|
|
||||||
|
def test_get_secret_from_env_uppercase(monkeypatch):
|
||||||
|
"""Even when the caller passes lowercase, we should find PRY_UPPERCASE."""
|
||||||
|
monkeypatch.setenv("PRY_SECRET_BACKEND", "env")
|
||||||
|
monkeypatch.setenv("PRY_FOO", "upper-value")
|
||||||
|
value = get_secret("foo")
|
||||||
|
assert value == "upper-value"
|
||||||
|
|
||||||
|
|
||||||
|
def test_get_secret_falls_back_to_env_when_gopass_misses(monkeypatch):
|
||||||
|
"""When the active backend is gopass and a secret is not in gopass,
|
||||||
|
we should fall back to the env (so partial migrations work)."""
|
||||||
|
monkeypatch.setenv("PRY_SECRET_BACKEND", "gopass")
|
||||||
|
monkeypatch.setenv("PRY_FALLBACK_TEST", "env-fallback")
|
||||||
|
# gopass lookup will fail (entry doesn't exist), then we check env
|
||||||
|
with patch("secrets_backend._get_from_gopass", return_value=None):
|
||||||
|
value = get_secret("fallback_test")
|
||||||
|
assert value == "env-fallback"
|
||||||
|
|
||||||
|
|
||||||
|
def test_backend_info_returns_expected_keys():
|
||||||
|
info = backend_info()
|
||||||
|
assert "requested" in info
|
||||||
|
assert "active" in info
|
||||||
|
assert "gopass_available" in info
|
||||||
|
assert "gopass_path" in info
|
||||||
|
assert "env_file" in info
|
||||||
|
|
||||||
|
|
||||||
|
def test_get_secret_from_file(tmp_path, monkeypatch):
|
||||||
|
"""Read a secret from a .env file when backend is file."""
|
||||||
|
env_file = tmp_path / "test.env"
|
||||||
|
env_file.write_text("PRY_FROM_FILE=hello\n# comment\nPRY_OTHER=world\n")
|
||||||
|
monkeypatch.setenv("PRY_SECRET_BACKEND", "file")
|
||||||
|
monkeypatch.setenv("PRY_ENV_FILE", str(env_file))
|
||||||
|
# Reimport to pick up the new env file
|
||||||
|
importlib.reload(secrets_backend)
|
||||||
|
try:
|
||||||
|
value = secrets_backend.get_secret("from_file")
|
||||||
|
assert value == "hello"
|
||||||
|
finally:
|
||||||
|
# Restore
|
||||||
|
monkeypatch.delenv("PRY_ENV_FILE", raising=False)
|
||||||
|
importlib.reload(secrets_backend)
|
||||||
|
|
||||||
|
|
||||||
|
def test_set_secret_returns_false_when_gopass_unavailable(monkeypatch):
|
||||||
|
monkeypatch.setattr(secrets_backend, "_GOPASS_AVAILABLE", False)
|
||||||
|
# Force the global to be re-evaluated
|
||||||
|
monkeypatch.setattr(secrets_backend, "_gopass_available", lambda: False)
|
||||||
|
result = set_secret("test_secret", "value")
|
||||||
|
assert result is False
|
||||||
|
|
||||||
|
|
||||||
|
def test_detect_backend_invalid_falls_back_to_auto(monkeypatch):
|
||||||
|
monkeypatch.setenv("PRY_SECRET_BACKEND", "not-a-real-backend")
|
||||||
|
backend = secrets_backend._detect_backend()
|
||||||
|
assert backend == BACKEND_AUTO
|
||||||
13
x402.py
13
x402.py
|
|
@ -97,10 +97,19 @@ class X402Asset(StrEnum):
|
||||||
DOGE = "DOGE"
|
DOGE = "DOGE"
|
||||||
|
|
||||||
|
|
||||||
X402_WALLET = os.getenv("PRY_X402_WALLET", "pry-default-wallet")
|
# Prefer gopass for the x402 wallet and facilitator URL. Env vars override only
|
||||||
|
# if the backend returns an empty string. This lets you:
|
||||||
|
# gopass insert -m pry/x402_wallet # persistent across restarts
|
||||||
|
# PRY_X402_WALLET=0x... # one-off override (CI, dev)
|
||||||
|
try:
|
||||||
|
from secrets_backend import get_secret as _gs
|
||||||
|
X402_WALLET = _gs("x402_wallet") or os.getenv("PRY_X402_WALLET", "pry-default-wallet")
|
||||||
|
X402_FACILITATOR_URL = _gs("x402_facilitator") or os.getenv("PRY_X402_FACILITATOR", "https://x402.org/facilitator")
|
||||||
|
except ImportError:
|
||||||
|
X402_WALLET = os.getenv("PRY_X402_WALLET", "pry-default-wallet")
|
||||||
|
X402_FACILITATOR_URL = os.getenv("PRY_X402_FACILITATOR", "https://x402.org/facilitator")
|
||||||
X402_DEFAULT_NETWORK = os.getenv("PRY_X402_NETWORK", X402Network.BASE.value)
|
X402_DEFAULT_NETWORK = os.getenv("PRY_X402_NETWORK", X402Network.BASE.value)
|
||||||
X402_DEFAULT_ASSET = os.getenv("PRY_X402_ASSET", X402Asset.USDC.value)
|
X402_DEFAULT_ASSET = os.getenv("PRY_X402_ASSET", X402Asset.USDC.value)
|
||||||
X402_FACILITATOR_URL = os.getenv("PRY_X402_FACILITATOR", "https://x402.org/facilitator")
|
|
||||||
X402_OFFLINE_MODE = os.getenv("PRY_X402_OFFLINE", "false").lower() in ("1", "true", "yes")
|
X402_OFFLINE_MODE = os.getenv("PRY_X402_OFFLINE", "false").lower() in ("1", "true", "yes")
|
||||||
X402_TIMEOUT_SECONDS = float(os.getenv("PRY_X402_TIMEOUT", "15"))
|
X402_TIMEOUT_SECONDS = float(os.getenv("PRY_X402_TIMEOUT", "15"))
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue