MosswartOverlord

SawatoMosswartsEnjoyersClub/MosswartOverlord

History

Erik a5b80fd9cd security(nginx): remove dead Grafana service-account token from committed config The glsa_ token on the /grafana/ location was committed to a public repo. Verified dead: Grafana's service-account and api_key tables are empty (the data dir is ephemeral container storage, so the SA was wiped on a past recreate) and an arbitrary invalid bearer gets identical 200 responses — panel embeds are actually served by anonymous Viewer auth (GF_AUTH_ANONYMOUS_ENABLED=true). The header was a no-op; removing it changes no behavior and removes the credential from the config. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>	2026-06-10 16:25:20 +02:00
..
overlord.conf	security(nginx): remove dead Grafana service-account token from committed config	2026-06-10 16:25:20 +02:00

Erik a5b80fd9cd security(nginx): remove dead Grafana service-account token from committed config

The glsa_ token on the /grafana/ location was committed to a public repo.
Verified dead: Grafana's service-account and api_key tables are empty (the
data dir is ephemeral container storage, so the SA was wiped on a past
recreate) and an arbitrary invalid bearer gets identical 200 responses —
panel embeds are actually served by anonymous Viewer auth
(GF_AUTH_ANONYMOUS_ENABLED=true). The header was a no-op; removing it
changes no behavior and removes the credential from the config.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

2026-06-10 16:25:20 +02:00

overlord.conf

security(nginx): remove dead Grafana service-account token from committed config

2026-06-10 16:25:20 +02:00