security: move hardcoded passwords to .env, fix file permissions

- Move ROA_API_PASSWORD and ORACLE_PASSWORD to .env - Update process_bon.py to use python-dotenv - chmod 600 on .env and credentials/* - Install python-dotenv dependency
2026-02-03 21:12:13 +00:00
parent db4b57f5a3
commit 9a6446070a
9 changed files with 283 additions and 175 deletions
--- a/tools/process_bon.py
+++ b/tools/process_bon.py
@@ -17,6 +17,7 @@ Fluxul:
 """

 import sys
+import os
 import json
 import time
 import argparse
@@ -26,17 +27,21 @@ from decimal import Decimal

 import requests
 import oracledb
+from dotenv import load_dotenv
+
+# Load .env from parent directory
+load_dotenv(Path(__file__).parent.parent / ".env")

 # === CONFIG ===
 API_BASE = "http://10.0.20.171:8000"
 API_USER = "MARIUS M"
-API_PASS = "123"
+API_PASS = os.getenv("ROA_API_PASSWORD", "")
 SERVER_ID = "central"
 COMPANY_ID = 110  # MARIUSM AUTO

 ORACLE_CONFIG = {
    "user": "MARIUSM_AUTO",
-    "password": "ROMFASTSOFT",
+    "password": os.getenv("ORACLE_PASSWORD", ""),
    "dsn": "10.0.20.121:1521/ROA"
 }