calypso/SECRETS-ENV-SETUP.md

# Secrets Environment File Setup
**Tanggal:** 2025-01-09  
**File:** `/etc/calypso/secrets.env`  
**Status:** ✅ **CREATED**

## File Details

- **Location:** `/etc/calypso/secrets.env`
- **Owner:** `root:root`
- **Permissions:** `600` (read/write owner only)
- **Size:** 413 bytes

## Contents

File berisi environment variables untuk Calypso:

1. **CALYPSO_DB_PASSWORD**
   - Database password untuk user PostgreSQL `calypso`
   - Value: `calypso_secure_2025`
   - Length: 19 characters

2. **CALYPSO_JWT_SECRET**
   - JWT secret key untuk authentication tokens
   - Generated: Random base64 string (44 characters)
   - Minimum requirement: 32 characters ✅

## Security

✅ **Permissions:** `600` (read/write owner only)  
✅ **Owner:** `root:root`  
✅ **Location:** `/etc/calypso/` (protected directory)  
✅ **JWT Secret:** Random generated, secure  
⚠️ **Note:** Password default perlu diubah untuk production

## Usage

File ini akan di-load oleh systemd service via `EnvironmentFile` directive:

```ini
[Service]
EnvironmentFile=/etc/calypso/secrets.env
```

Atau bisa di-source manual:
```bash
source /etc/calypso/secrets.env
export CALYPSO_DB_PASSWORD
export CALYPSO_JWT_SECRET
```

## Verification

File sudah diverifikasi:
- ✅ File exists
- ✅ Permissions correct (600)
- ✅ Owner correct (root:root)
- ✅ Variables dapat di-source dengan benar
- ✅ JWT secret length >= 32 characters

## Next Steps

1. ✅ File sudah siap digunakan
2. ⏭️ Calypso API service akan otomatis load file ini
3. ⏭️ Update password untuk production environment (recommended)

## Important Notes

⚠️ **DO NOT:**
- Commit file ini ke version control
- Share file ini publicly
- Use default password in production

✅ **DO:**
- Keep file permissions at 600
- Rotate secrets periodically
- Use strong passwords in production
- Backup securely if needed