fix storage

SECRETS-ENV-SETUP.md

@@ -0,0 +1,77 @@
+# Secrets Environment File Setup
+**Tanggal:** 2025-01-09  
+**File:** `/etc/calypso/secrets.env`  
+**Status:** ✅ **CREATED**
+
+## File Details
+
+- **Location:** `/etc/calypso/secrets.env`
+- **Owner:** `root:root`
+- **Permissions:** `600` (read/write owner only)
+- **Size:** 413 bytes
+
+## Contents
+
+File berisi environment variables untuk Calypso:
+
+1. **CALYPSO_DB_PASSWORD**
+   - Database password untuk user PostgreSQL `calypso`
+   - Value: `calypso_secure_2025`
+   - Length: 19 characters
+
+2. **CALYPSO_JWT_SECRET**
+   - JWT secret key untuk authentication tokens
+   - Generated: Random base64 string (44 characters)
+   - Minimum requirement: 32 characters ✅
+
+## Security
+
+✅ **Permissions:** `600` (read/write owner only)  
+✅ **Owner:** `root:root`  
+✅ **Location:** `/etc/calypso/` (protected directory)  
+✅ **JWT Secret:** Random generated, secure  
+⚠️ **Note:** Password default perlu diubah untuk production
+
+## Usage
+
+File ini akan di-load oleh systemd service via `EnvironmentFile` directive:
+
+```ini
+[Service]
+EnvironmentFile=/etc/calypso/secrets.env
+```
+
+Atau bisa di-source manual:
+```bash
+source /etc/calypso/secrets.env
+export CALYPSO_DB_PASSWORD
+export CALYPSO_JWT_SECRET
+```
+
+## Verification
+
+File sudah diverifikasi:
+- ✅ File exists
+- ✅ Permissions correct (600)
+- ✅ Owner correct (root:root)
+- ✅ Variables dapat di-source dengan benar
+- ✅ JWT secret length >= 32 characters
+
+## Next Steps
+
+1. ✅ File sudah siap digunakan
+2. ⏭️ Calypso API service akan otomatis load file ini
+3. ⏭️ Update password untuk production environment (recommended)
+
+## Important Notes
+
+⚠️ **DO NOT:**
+- Commit file ini ke version control
+- Share file ini publicly
+- Use default password in production
+
+✅ **DO:**
+- Keep file permissions at 600
+- Rotate secrets periodically
+- Use strong passwords in production
+- Backup securely if needed