🔧(backend) force a valid key for token storage in development mode

Set a valid Ferney for OIDC_STORE_REFRESH_TOKEN_KEY in env.d/development/common
Add .gitguardian.yaml configuration to ignore this key.

Signed-off-by: Fabre Florian <[email protected]>

Author: joehybird

.gitguardian.yaml

@@ -0,0 +1,5 @@
+secret:
+  ignored_matches:
+  - name:
+    match: "na1hhus-OLhq9mb9SO3R-8E4dONuMnqpZSY_SX8xcFk="
+version: 2

env.d/development/common

@@ -55,7 +55,7 @@ OIDC_STORE_REFRESH_TOKEN = True # Store the encrypted refresh token in the sessi
 
 # Must be a valid Fernet key (32 url-safe base64-encoded bytes)
 # To create one, use the bin/fernetkey command.
-# OIDC_STORE_REFRESH_TOKEN_KEY="your-32-byte-encryption-key=="
+OIDC_STORE_REFRESH_TOKEN_KEY = "na1hhus-OLhq9mb9SO3R-8E4dONuMnqpZSY_SX8xcFk="
 
 # AI
 AI_FEATURE_ENABLED=true

src/backend/impress/settings.py

@@ -18,7 +18,6 @@
 
 import sentry_sdk
 from configurations import Configuration, values
-from cryptography.fernet import Fernet
 from csp.constants import NONE
 from lasuite.configuration.values import SecretFileValue
 from sentry_sdk.integrations.django import DjangoIntegration
@@ -945,14 +944,6 @@ class Development(Base):
         },
     }
 
-    # There is no key for token storage in default configuration.
-    # In development environment we can create one if needed.
-    OIDC_STORE_REFRESH_TOKEN_KEY = values.Value(
-        default=Fernet.generate_key().decode(),
-        environ_name="OIDC_STORE_REFRESH_TOKEN_KEY",
-        environ_prefix=None,
-    )
-
     def __init__(self):
         # pylint: disable=invalid-name
         self.INSTALLED_APPS += ["django_extensions", "drf_spectacular_sidecar"]