pryscraper/.gitignore
cryptorugmunch 14a59708ee feat(pry): wire secrets_backend.get_secret() into PrySettings for sensitive fields
PrySettings (settings.py) was reading sensitive values (api_key, *_api_key,
webhook_secret) only from PRY_* env vars. The existing secrets_backend
(used by x402.py and auth.py for jwt_secret) supports gopass as the
default backend, so secrets never needed to live in .env.

This commit:
- Adds PrySettings._apply_secrets_backend() in model_post_init
- For each sensitive field with empty current value, calls
  secrets_backend.get_secret(name) and uses the result
- Priority order: secrets_backend.get_secret > env var > field default
- This means `gopass insert -m pry/api_key` now sets the API key
  without touching .env or environment

Tests added (tests/test_secrets_backend_integration.py):
- test_settings_pulls_from_secrets_backend: confirms gopass fills empty fields
- test_x402_constants_come_from_secrets_backend: confirms x402.py honors gopass
- test_settings_does_not_override_set_env: env beats gopass when both set

Tests updated (tests/conftest.py):
- Session-scope fixture sets PRY_SECRET_BACKEND=env to prevent test runs from
  pulling real gopass secrets (which would cause the auth middleware to
  reject unauthenticated test requests)
- Per-test fixture zeros settings.settings.api_key for in-process tests

Audit item 12. Tests: 623 passed, 1 skipped (pre-existing /ready failure
unrelated to this change).
2026-07-06 11:01:08 +02:00

85 lines
2.6 KiB
Text

# ═══════════════════════════════════════════════════════════
# PryScraper — .gitignore (RMI universal + Pry-specific)
# ═══════════════════════════════════════════════════════════
# ── SECRETS (zero tolerance) ────────────────────────────────
.env
.env.*
!.env.example
!.env.template
*.pem
*.key
*.p12
*.pfx
id_rsa
id_ed25519
*.session
credentials.json
service-account.json
wallet.json
vault.json
.secrets/
.rmi/wallets/
# ── Python ──────────────────────────────────────────────────
__pycache__/
*.pyc
*.pyo
.venv/
venv/
*.egg-info/
dist/
build/
.mypy_cache/
.ruff_cache/
.pytest_cache/
htmlcov/
.coverage
.coverage.*
htmlcov/
.coverage
# ── Pry-specific cache ──────────────────────────────────────
.warmed_cookies/
.proxy_cache/
.browser_profiles/
.screenshots/
scraped_data/
# ── Node (extension) ────────────────────────────────────────
node_modules/
.npm/
.pnpm-store/
# ── Docker ──────────────────────────────────────────────────
docker-compose.override.yml
# ── Data (too large for git, use HF S3) ─────────────────────
data/
*.dump
*.rdb
*.dfs
*.tar.gz
!requirements/*.tar.gz
# ── IDE ─────────────────────────────────────────────────────
.vscode/
.idea/
*.swp
*.swo
*~
.DS_Store
# ── OS ──────────────────────────────────────────────────────
Thumbs.db
desktop.ini
# ── Logs ────────────────────────────────────────────────────
*.log
logs/
# ── Cache ───────────────────────────────────────────────────
.cache/
tmp/
*.tmp
validate_live_report.json