Flag the dev admin token as insecure at startup #198

Open
LiorFink00 wants to merge 1 commit into main from fix/warn-on-default-admin-token

@LiorFink00 (Collaborator)

Closes #197.

THUMPER_ADMIN_TOKEN is fail-closed (no code default — unset disables the management API with a 503). But .env.example ships an obvious dev-admin-token, and insecure_default_tokens() only checked the enroll/install defaults, so a deploy copying the example ran with a publicly-known admin token and no startup warning.

  • config.py: recognize dev-admin-token (the .env.example value) as a known-insecure default and flag it, exactly like enroll/install. An unset token still fails closed — this adds no code default.
  • .env.example: note the value is publicly known and flagged at startup.
  • Tests: admin flagged when set to the dev value, not when overridden, and all-three case.

336 passed locally (TDD: red → green).

THUMPER_ADMIN_TOKEN stays fail-closed (no code default), but .env.example
ships an obvious 'dev-admin-token' value that insecure_default_tokens() did
not flag - so a prod deploy copying it ran with a publicly-known admin token
and no startup warning. Recognize that value alongside the enroll/install
dev defaults; an unset token still disables the API (503).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_016X1cbU86GceaeEGU3trGyB
LiorFink00 requested a review from AnguIar July 3, 2026 12:08
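
The startup check this pull request describes, sketched as an added example (not the project's `config.py`). Only `THUMPER_ADMIN_TOKEN` and `dev-admin-token` come from the page; the enroll/install variable names and values, the function names, and the whitespace/quote normalisation are assumptions.

```python
# Assumption: only THUMPER_ADMIN_TOKEN / "dev-admin-token" appear in the PR.
# The enroll/install names and values are constructed placeholders.
KNOWN_INSECURE_DEFAULTS = {
    "THUMPER_ADMIN_TOKEN": "dev-admin-token",
    "THUMPER_ENROLL_TOKEN": "dev-enroll-token",    # hypothetical
    "THUMPER_INSTALL_TOKEN": "dev-install-token",  # hypothetical
}


def flag_insecure_tokens(env):
    """Return sorted names of variables still set to a publicly known dev value."""
    flagged = []
    for name, dev_value in KNOWN_INSECURE_DEFAULTS.items():
        value = env.get(name)
        if not value:
            continue  # unset or empty: covered by the fail-closed check below
        # Assumption: tolerate whitespace/quotes left over from copying an
        # example env file; the quoted value is just as guessable.
        candidate = value.strip().strip("'\"")
        if candidate == dev_value:
            flagged.append(name)
    return sorted(flagged)


def management_api_status(env):
    """Fail closed: without an admin token the management API answers 503."""
    return 200 if env.get("THUMPER_ADMIN_TOKEN", "").strip() else 503


def startup_warnings(env):
    """Build the warning lines a service would log at startup."""
    return [
        f"WARNING: {name} is set to a publicly known development value; rotate it"
        for name in flag_insecure_tokens(env)
    ]


if __name__ == "__main__":
    # Constructed sample environment: a deploy that copied the example file.
    copied_example = {"THUMPER_ADMIN_TOKEN": "dev-admin-token"}
    for line in startup_warnings(copied_example):
        print(line)
    print(management_api_status(copied_example))  # API enabled despite known token
    print(management_api_status({}))              # unset token: API disabled
```

The two checks are independent: fail-closed covers a missing token, while the flag covers a token that is present but publicly known, which is the case that previously passed silently.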
Development

Successfully merging this pull request may close these issues.

Default admin token (dev-admin-token) isn't flagged at startup