feat: SHARED_SECRET_LEGACY migration escape hatch for plugin secret rollout

Accepts one legacy secret alongside the real one so existing clients keep registering while game machines migrate to websocket_secret.txt. Remove SHARED_SECRET_LEGACY from .env after the rollout. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-10 20:20:19 +02:00 · 2026-06-10 20:20:19 +02:00 · 52bf9342df
commit 52bf9342df
parent 15ae870117
2 changed files with 21 additions and 3 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -26,6 +26,9 @@ services:
      DB_MAX_SQL_VARIABLES: "${DB_MAX_SQL_VARIABLES}"
      DB_WAL_AUTOCHECKPOINT_PAGES: "${DB_WAL_AUTOCHECKPOINT_PAGES}"
      SHARED_SECRET: "${SHARED_SECRET}"
+      # Optional second secret accepted during plugin migration — remove
+      # from .env after rollout (see main.py SHARED_SECRET_LEGACY).
+      SHARED_SECRET_LEGACY: "${SHARED_SECRET_LEGACY:-}"
      SECRET_KEY: "${SECRET_KEY}"
      INVENTORY_SERVICE_URL: "http://inventory-service:8000"
      DISCORD_ACLOG_WEBHOOK: "${DISCORD_ACLOG_WEBHOOK:-}"