보안 강화: DB 자격증명(AppKey, Secret) 및 세션토큰(Access Token) 암호화 저장 구현 (AES-GCM/CBC), .env 정리

2026-02-03 00:08:15 +09:00
parent 4f0cc05f39
commit ed8fc0943b
15 changed files with 131 additions and 30 deletions
--- a/backend/.env.example
+++ b/backend/.env.example
@@ -4,11 +4,10 @@ HOST=0.0.0.0

 # Security
 ALLOWED_HOSTS=["kis.tindevil.com", "localhost", "127.0.0.1"]
-SECRET_KEY=change_this_to_a_secure_random_string
+SECRET_KEY=dlrjtdmsQlalfzlfksmsep@wkf!wkf!ahfmrpTdj$#

 # Database
 DATABASE_URL=sqlite+aiosqlite:///./kis_stock.db

-# KIS API (Optional here, managed in DB mostly)
-# KIS_APP_KEY=
-# KIS_APP_SECRET=
+# Security
+SECRET_KEY=change_this_to_a_secure_random_string_min_32_chars