feat: chiffrement AES-256-GCM des secrets + lecture env

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 20:58:04 +02:00
parent a3f728b5ba
commit feb136ffc1
3 changed files with 64 additions and 0 deletions
@@ -0,0 +1,18 @@
+// server/env.ts
+function required(name: string): string {
+  const v = process.env[name];
+  if (!v) throw new Error(`Variable d'environnement manquante: ${name}`);
+  return v;
+}
+
+export const env = {
+  masterKeyHex: process.env.SU_MASTER_KEY ?? "",
+  dbPath: process.env.SU_DB_PATH ?? "./data/system-update.db",
+  reportsDir: process.env.SU_REPORTS_DIR ?? "./reports",
+  port: Number(process.env.SU_PORT ?? 8787),
+  requireMasterKey(): string {
+    const k = required("SU_MASTER_KEY");
+    if (k.length !== 64) throw new Error("SU_MASTER_KEY doit faire 64 caractères hex (32 octets).");
+    return k;
+  },
+};