docs(security): redact live OpenAI key, point to ir.config_parameter storage

The previous local-only edit appended a working sk-proj-* key in plain text.
Replaced with a placeholder referencing the Odoo `encoach_ai.openai_api_key`
config parameter (the actual storage). The visible key should be rotated.

Made-with: Cursor
This commit is contained in:
Yamen Ahmad
2026-04-28 00:39:37 +04:00
parent 3b62075d7e
commit 744cede1a3

View File

@@ -188,3 +188,6 @@
4. **The `BACKEND_JWT` and `JWT_TEST_TOKEN` are identical** — the same test JWT is used for frontend-to-backend auth and for testing. 4. **The `BACKEND_JWT` and `JWT_TEST_TOKEN` are identical** — the same test JWT is used for frontend-to-backend auth and for testing.
5. **The `GCS_SERVICE_ACCOUNT` in encoach-cms contains a full GCP service account private key** encoded in base64. 5. **The `GCS_SERVICE_ACCOUNT` in encoach-cms contains a full GCP service account private key** encoded in base64.
6. **The `FIREBASE_CLIENT_EMAIL` references `tiago.ribeiro@ecrop.dev`** — a developer's email from the previous development team. 6. **The `FIREBASE_CLIENT_EMAIL` references `tiago.ribeiro@ecrop.dev`** — a developer's email from the previous development team.
openai_key: <REDACTED — stored in Odoo `ir.config_parameter` key `encoach_ai.openai_api_key`. Rotate at https://platform.openai.com/account/api-keys if exposed.>