sec: add startup warnings for default L402 secrets

- payment_handler.py: warn when L402_HMAC_SECRET uses default value
- l402_proxy.py: warn when L402_MACAROON_SECRET uses default value
- .env.example: document L402_HMAC_SECRET, L402_MACAROON_SECRET, and
  LIGHTNING_BACKEND with generation instructions

These warnings ensure operators are alerted before deploying with
insecure default secrets.
Manus AI
2026-02-21 13:46:12 -05:00
parent 2e055635a8
commit f2481010f9
3 changed files with 29 additions and 4 deletions

@@ -21,3 +21,14 @@
# AirLLM model size (default: 70b).
# 8b ~16 GB RAM | 70b ~140 GB RAM | 405b ~810 GB RAM
# AIRLLM_MODEL_SIZE=70b
# ── L402 Lightning secrets ───────────────────────────────────────────────────
# HMAC secret for invoice verification. MUST be changed in production.
# Generate with: python3 -c "import secrets; print(secrets.token_hex(32))"
# L402_HMAC_SECRET=<your-secret-here>
# HMAC secret for macaroon signing. MUST be changed in production.
# L402_MACAROON_SECRET=<your-secret-here>
# Lightning backend: "mock" (default) | "lnd"
# LIGHTNING_BACKEND=mock
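
Review bot: The L402_MACAROON_SECRET entry has no "Generate with:" line, unlike the L402_HMAC_SECRET entry just above it, although the commit message says the variables are documented with generation instructions. Repeat the python3 secrets.token_hex(32) command under the macaroon entry and state that the two secrets must be separate, independently generated values, so an operator does not paste one value into both. Also, both entries use the placeholder `<your-secret-here>`: if the new startup warnings compare only against the built-in default, an operator who uncomments the line without replacing the placeholder would get no warning, so either say in the comment that the placeholder must be replaced or have the startup check reject it as well. The LIGHTNING_BACKEND comment could also say that "mock" is not meant for production, in the same "MUST be changed" wording used for the secrets.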