Environment Variable Rework

This release introduces a cleaner separation between secret and non-secret configuration, improving flexibility and security.

Configuration Changes

Secrets

• Must be set via environment variables only (Docker environment or any other environment system).
• Required secrets: SECRET_KEY, MAILJET_API_KEY, MAILJET_API_SECRET, OIDC_CLIENT_ID, OIDC_CLIENT_SECRET.

Non-Secret Settings

• Stored in settings.json.
• Can also be overridden by environment variables.
• Values provided via environment variables cannot be modified through the UI.

Migration from .env Files

• If you already have a .env file, it can remain in place.
• An automatic migration will copy non-secret values to settings.json.
• Once settings.json appears in /data, you can safely delete the .env file.

Configuration Priority

1. Environment Variables (Highest Priority)

• Override all other values.
• Cannot be modified via the UI.
• Secrets must be defined here.

1. settings.json

• Editable through the UI.
• Used for non-sensitive configuration.

1. Default Values (Lowest Priority)

• Hardcoded in the application.
• Used as fallback when no other value is provided.

Other Changes

• The Gunicorn version (non-Docker) is now unified.
• Gunicorn will also use files located in the ./data folder.