F-002 fix: Remove secrets and externalize config
This commit is contained in:
20
spec/bdd/features/config/legacy-config.feature
Normal file
20
spec/bdd/features/config/legacy-config.feature
Normal file
@@ -0,0 +1,20 @@
|
||||
@F-002 @smoke @security @regression
|
||||
Feature: Legacy module reads config from one local source
|
||||
|
||||
As a maintainer
|
||||
I want secrets and URLs outside tracked PHP files
|
||||
So I can run the legacy module without storing sensitive values in source
|
||||
|
||||
Scenario: Entry points use shared config helper
|
||||
Given the legacy PHP module has multiple web and CLI entry points
|
||||
When feature F-002 is applied
|
||||
Then tracked PHP files do not contain hard-coded DB credentials
|
||||
And tracked PHP files do not contain hard-coded OpenAI credentials
|
||||
And DB and route values are loaded through a shared config helper
|
||||
|
||||
Scenario: Local config shape is documented
|
||||
Given a maintainer needs to set local credentials
|
||||
When feature F-002 is applied
|
||||
Then the repo contains a versioned local config example
|
||||
And the repo ignores the real local config file
|
||||
And setup notes explain how to create the local config
|
||||
Reference in New Issue
Block a user