talk2me

adelorenzo/talk2me

Fork 0

Commit Graph

Author	SHA1	Message	Date
Adolfo Delorenzo	9170198c6c	Add comprehensive secrets management system for secure configuration - Implement encrypted secrets storage with AES-128 encryption - Add secret rotation capabilities with scheduling - Implement comprehensive audit logging for all secret operations - Create centralized configuration management system - Add CLI tool for interactive secret management - Integrate secrets with Flask configuration - Support environment-specific configurations - Add integrity verification for stored secrets - Implement secure key derivation with PBKDF2 Features: - Encrypted storage in .secrets.json - Master key protection with file permissions - Automatic secret rotation scheduling - Audit trail for compliance - Migration from environment variables - Flask CLI integration - Validation and sanitization Security improvements: - No more hardcoded secrets in configuration - Encrypted storage at rest - Secure key management - Access control via authentication - Comprehensive audit logging - Integrity verification CLI commands: - manage_secrets.py init - Initialize secrets - manage_secrets.py set/get/delete - Manage secrets - manage_secrets.py rotate - Rotate secrets - manage_secrets.py audit - View audit logs - manage_secrets.py verify - Check integrity 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-06-03 00:24:03 -06:00
Adolfo Delorenzo	a4ef775731	Implement comprehensive rate limiting to protect against DoS attacks - Add token bucket rate limiter with sliding window algorithm - Implement per-endpoint configurable rate limits - Add automatic IP blocking for excessive requests - Implement global request limits and concurrent request throttling - Add request size validation for all endpoints - Create admin endpoints for rate limit management - Add rate limit headers to responses - Implement cleanup thread for old rate limit buckets - Create detailed rate limiting documentation Rate limits: - Transcription: 10/min, 100/hour, max 10MB - Translation: 20/min, 300/hour, max 100KB - Streaming: 10/min, 150/hour, max 100KB - TTS: 15/min, 200/hour, max 50KB - Global: 1000/min, 10000/hour, 50 concurrent Security features: - Automatic temporary IP blocking (1 hour) for abuse - Manual IP blocking via admin endpoint - Request size validation to prevent large payload attacks - Burst control to limit sudden traffic spikes 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-06-03 00:14:05 -06:00
Adolfo Delorenzo	d010ae9b74	Remove hardcoded API key - CRITICAL SECURITY FIX - Remove hardcoded TTS API key from app.py (major security vulnerability) - Add python-dotenv support for secure environment variable management - Create .env.example with configuration template - Add comprehensive SECURITY.md documentation - Update README with security configuration instructions - Add warning when TTS_API_KEY is not configured - Enhance .gitignore to prevent accidental commits of .env files BREAKING CHANGE: TTS_API_KEY must now be set via environment variable or .env file Security measures: - API keys must be provided via environment variables - Added dotenv support for local development - Clear documentation on secure deployment practices - Multiple .env file patterns in .gitignore 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-06-03 00:06:18 -06:00

Author

SHA1

Message

Date

Adolfo Delorenzo

9170198c6c

Add comprehensive secrets management system for secure configuration

- Implement encrypted secrets storage with AES-128 encryption
- Add secret rotation capabilities with scheduling
- Implement comprehensive audit logging for all secret operations
- Create centralized configuration management system
- Add CLI tool for interactive secret management
- Integrate secrets with Flask configuration
- Support environment-specific configurations
- Add integrity verification for stored secrets
- Implement secure key derivation with PBKDF2

Features:
- Encrypted storage in .secrets.json
- Master key protection with file permissions
- Automatic secret rotation scheduling
- Audit trail for compliance
- Migration from environment variables
- Flask CLI integration
- Validation and sanitization

Security improvements:
- No more hardcoded secrets in configuration
- Encrypted storage at rest
- Secure key management
- Access control via authentication
- Comprehensive audit logging
- Integrity verification

CLI commands:
- manage_secrets.py init - Initialize secrets
- manage_secrets.py set/get/delete - Manage secrets
- manage_secrets.py rotate - Rotate secrets
- manage_secrets.py audit - View audit logs
- manage_secrets.py verify - Check integrity

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-06-03 00:24:03 -06:00

Adolfo Delorenzo

a4ef775731

Implement comprehensive rate limiting to protect against DoS attacks

- Add token bucket rate limiter with sliding window algorithm
- Implement per-endpoint configurable rate limits
- Add automatic IP blocking for excessive requests
- Implement global request limits and concurrent request throttling
- Add request size validation for all endpoints
- Create admin endpoints for rate limit management
- Add rate limit headers to responses
- Implement cleanup thread for old rate limit buckets
- Create detailed rate limiting documentation

Rate limits:
- Transcription: 10/min, 100/hour, max 10MB
- Translation: 20/min, 300/hour, max 100KB
- Streaming: 10/min, 150/hour, max 100KB
- TTS: 15/min, 200/hour, max 50KB
- Global: 1000/min, 10000/hour, 50 concurrent

Security features:
- Automatic temporary IP blocking (1 hour) for abuse
- Manual IP blocking via admin endpoint
- Request size validation to prevent large payload attacks
- Burst control to limit sudden traffic spikes

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-06-03 00:14:05 -06:00

Adolfo Delorenzo

d010ae9b74

Remove hardcoded API key - CRITICAL SECURITY FIX

- Remove hardcoded TTS API key from app.py (major security vulnerability)
- Add python-dotenv support for secure environment variable management
- Create .env.example with configuration template
- Add comprehensive SECURITY.md documentation
- Update README with security configuration instructions
- Add warning when TTS_API_KEY is not configured
- Enhance .gitignore to prevent accidental commits of .env files

BREAKING CHANGE: TTS_API_KEY must now be set via environment variable or .env file

Security measures:
- API keys must be provided via environment variables
- Added dotenv support for local development
- Clear documentation on secure deployment practices
- Multiple .env file patterns in .gitignore

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-06-03 00:06:18 -06:00

3 Commits