emily/video2document
1
0
Fork 0
mirror of https://gitlab.rlp.net/proj-wise2526-video2document/video2document.git synced 2026-06-16 18:31:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update 6 files

Browse Source 
- /src1/main/resources/application.yml
- /src1/main/java/com/v2d/document/config/AppProperties.java
- /src1/main/java/com/v2d/document/service/ExternalApiService.java
- /src1/main/java/com/v2d/document/controller/GenerateController.java
- /src1/test/AppPropertiesTest.java
- /README.md
This commit is contained in:
Aarthi Manivannan, Premanathan Aarthi Manivannan
2025-12-09 17:59:09 +01:00
parent 283b4ed6af
commit 55555bcc37
6 changed files with 154 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+43
View File
@@ -91,3 +91,46 @@ For open source projects, say how it is licensed.
## Project status
If you have run out of energy or time for your project, put a note at the top of the README saying that development has slowed down or stopped completely. Someone may choose to fork your project or volunteer to step in as a maintainer or owner, allowing your project to keep going. You can also make an explicit request for maintainers.
## 🔐 Secure API Key Management (Sprint 4 V2D Document)
This project uses secure environment variables to store and manage all external API keys
(required for LLM/Transcription APIs). No API key is ever committed into the repository.
### ✔ How the API Key Works
The application reads the key from an environment variable named:
`LLM_API_KEY`
Spring Boot loads it automatically using the following configuration in `application.yml`:
### ✔ Local Development (developer machines)
Developers must manually set their API key locally:
### ✔ GitLab CI/CD Setup (secure by default)
To provide the key for all environments securely:
1. Go to **GitLab → Settings → CI/CD → Variables**
2. Add variable:
- **Key:** `LLM_API_KEY`
- **Value:** your real API key
- **Masked:** ✓ Enable
- **Protected:** (optional)
3. Save.
Pipelines will automatically use the secure key without exposing it.
### ✔ Security Guarantees
- The API key is **not stored** in the repository
- `.env` files are ignored through `.gitignore`
- The key is **never printed**, logged, or exposed to users
- Every new user of V2D Document can use the system **without needing their own key**
### ✔ Files Added in This User Story
- `src/main/resources/application.yml`
- `src/main/java/com/v2d/document/config/AppProperties.java`
- `src/main/java/com/v2d/document/service/ExternalApiService.java`
- `src/test/java/com/v2d/document/config/AppPropertiesTest.java`
This completes Sprint 4 User Story: **Backend Secure Management & Storage of API Keys**.