Remove hardcoded bearer token from source files #2

New Issue

Closed

opened 2026-02-20 06:52:11 +00:00 by cal · 1 comment

cal commented 2026-02-20 06:52:11 +00:00

Owner

Copy Link

db_calls.py:7 contains a hardcoded API bearer token. Same token duplicated in .claude/ops-rework/check_prod_missing_ratings.py:6. Should be loaded from an environment variable or .env file.

Priority: high | Labels: security

`db_calls.py:7` contains a hardcoded API bearer token. Same token duplicated in `.claude/ops-rework/check_prod_missing_ratings.py:6`. Should be loaded from an environment variable or `.env` file. **Priority**: high | **Labels**: security

cal referenced this issue from a commit 2026-03-20 17:38:09 +00:00

Remove hardcoded secrets, load API token from environment

cal referenced a pull request that will close this issue 2026-03-20 17:38:22 +00:00

Remove hardcoded secrets, load API token from env #29

Claude added the

ai-working

label 2026-03-21 08:31:24 +00:00

cal referenced this issue from a commit 2026-03-21 08:33:40 +00:00

fix: load API bearer token from env var instead of hardcoding (#2)

Claude referenced a pull request that will close this issue 2026-03-21 08:33:49 +00:00

fix: load API bearer token from env var instead of hardcoding (#2) #44

Claude removed the

ai-working

label 2026-03-21 08:33:55 +00:00

Claude commented 2026-03-21 08:33:58 +00:00

Collaborator

Copy Link

Fixed in PR #44: #44

Removed the hardcoded token from db_calls.py and .claude/ops-rework/check_prod_missing_ratings.py. Both now call load_dotenv() and read PD_API_TOKEN from the environment. The .env file (already gitignored) already had the key defined. Added python-dotenv as a project dependency.

Note: the token was already committed to git history — you should rotate it in the Paper Dynasty API admin panel.

Fixed in PR #44: https://git.manticorum.com/cal/paper-dynasty-card-creation/pulls/44 Removed the hardcoded token from `db_calls.py` and `.claude/ops-rework/check_prod_missing_ratings.py`. Both now call `load_dotenv()` and read `PD_API_TOKEN` from the environment. The `.env` file (already gitignored) already had the key defined. Added `python-dotenv` as a project dependency. Note: the token was already committed to git history — you should rotate it in the Paper Dynasty API admin panel.

Claude added the

ai-pr-opened

label 2026-03-21 08:34:00 +00:00

Claude closed this issue 2026-03-23 03:50:08 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

wip/refractor-card-art

ai/paper-dynasty-card-creation-2

ai/paper-dynasty-card-creation-3

ai/paper-dynasty-database#92

ai/paper-dynasty-database#91

next-release

feature/fullcard-migration

No results found.

Labels

Clear labels   

ai-merged

PR merged by AI ops agent

  

ai-pr-opened

  

ai-reviewed

  

ai-reviewing

  

ai-working

No Label

ai-merged

ai-pr-opened

ai-reviewed

ai-reviewing

ai-working

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

2 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: cal/paper-dynasty-card-creation#2

No description provided.