refactor(runtime): prefer env-backed secrets at runtime

2026-03-30 19:17:32 +02:00
parent 4f5d410b94
commit fed7aa5b61
13 changed files with 532 additions and 71 deletions
@@ -0,0 +1,41 @@
type RuntimeAwareSystemSettings = {
aiProvider?: string | null;
azureOpenAiApiKey?: string | null;
azureDalleApiKey?: string | null;
geminiApiKey?: string | null;
smtpPassword?: string | null;
anonymizationSeed?: string | null;
};
function readEnvOverride(...names: string[]): string | null {
for (const name of names) {
const value = process.env[name]?.trim();
if (value) {
return value;
}
}
return null;
}
function resolvePrimaryAiApiKey(provider: string | null | undefined): string | null {
if (provider === "azure") {
return readEnvOverride("AZURE_OPENAI_API_KEY", "OPENAI_API_KEY");
}
return readEnvOverride("OPENAI_API_KEY", "AZURE_OPENAI_API_KEY");
}
export function resolveSystemSettingsRuntime<T extends RuntimeAwareSystemSettings>(
settings: T | null | undefined,
): T & Required<Pick<RuntimeAwareSystemSettings, "azureOpenAiApiKey" | "azureDalleApiKey" | "geminiApiKey" | "smtpPassword" | "anonymizationSeed">> {
const resolved = { ...(settings ?? {}) } as T & Required<Pick<RuntimeAwareSystemSettings, "azureOpenAiApiKey" | "azureDalleApiKey" | "geminiApiKey" | "smtpPassword" | "anonymizationSeed">>;
resolved.azureOpenAiApiKey = resolvePrimaryAiApiKey(resolved.aiProvider) ?? settings?.azureOpenAiApiKey ?? null;
resolved.azureDalleApiKey = readEnvOverride("AZURE_DALLE_API_KEY") ?? settings?.azureDalleApiKey ?? null;
resolved.geminiApiKey = readEnvOverride("GEMINI_API_KEY") ?? settings?.geminiApiKey ?? null;
resolved.smtpPassword = readEnvOverride("SMTP_PASSWORD") ?? settings?.smtpPassword ?? null;
resolved.anonymizationSeed = readEnvOverride("ANONYMIZATION_SEED") ?? settings?.anonymizationSeed ?? null;
return resolved;
}
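Review bot: In `resolvePrimaryAiApiKey` the cross-provider fallback lets a key issued for the other provider win over the stored one: with `aiProvider` set to "azure" and only `OPENAI_API_KEY` present in the environment, `resolved.azureOpenAiApiKey` becomes the OpenAI key even when `settings.azureOpenAiApiKey` holds a valid Azure key. If the consumer sends this field to the endpoint selected by `aiProvider` (not visible in this file), that credential is presented to a service it was not issued for and may end up in that service's request logs. Reading only the matching variable, `return readEnvOverride("AZURE_OPENAI_API_KEY");` in the azure branch and `return readEnvOverride("OPENAI_API_KEY");` otherwise, keeps the stored value as the fallback. `resolveSystemSettingsRuntime` also returns env secrets in an object typed like the stored settings, so a doc comment such as `/** Runtime-only view: holds env-backed secrets; never persist it or return it to clients. */` would help callers keep it out of save paths and API responses.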