Merge e130d69c5b into c861c0bcc5

docker-compose.override.yml.example

@@ -13,6 +13,7 @@ services:
     # environment:
       # SKIP_SUPERUSER: "false"
       # SUPERUSER_API_TOKEN: ""
+      # SUPERUSER_API_KEY: ""
       # SUPERUSER_EMAIL: ""
       # SUPERUSER_NAME: ""
       # SUPERUSER_PASSWORD: ""

docker/super_user.py

@@ -19,10 +19,16 @@ def _read_secret(secret_name: str, default: str | None = None) -> str | None:
 su_name = environ.get("SUPERUSER_NAME", "admin")
 su_email = environ.get("SUPERUSER_EMAIL", "admin@example.com")
 su_password = _read_secret("superuser_password", environ.get("SUPERUSER_PASSWORD", "admin"))
+if not environ.get("SUPERUSER_API_TOKEN"):
+    print("⚠️ Warning: Defaulting to the old default admin token. This token is widely known; please remove it.")
 su_api_token = _read_secret(
     "superuser_api_token",
     environ.get("SUPERUSER_API_TOKEN", "0123456789abcdef0123456789abcdef01234567"),
 )
+su_api_key = _read_secret(
+    "superuser_api_key",
+    environ.get("SUPERUSER_API_KEY", "cae3ju9jeaqu"),
+)
 
 if not User.objects.filter(username=su_name):
     u = User.objects.create_superuser(su_name, su_email, su_password)
@@ -31,6 +37,9 @@ if not User.objects.filter(username=su_name):
         print("⚠️ No API token will be created as API_TOKEN_PEPPERS is not set")
         msg = f"💡 Superuser Username: {su_name}, E-Mail: {su_email}"
     else:
-        t = Token.objects.create(user=u, token=su_api_token, version=TokenVersionChoices.V2)
+        if su_api_key:
-        msg = f"💡 Superuser Username: {su_name}, E-Mail: {su_email}, API Token: {t} (use with '{t.get_auth_header_prefix()}<Your token>')"
+            t = Token.objects.create(user=u, token=su_api_token, version=TokenVersionChoices.V2, key=su_api_key)
+        else:
+            t = Token.objects.create(user=u, token=su_api_token, version=TokenVersionChoices.V2)
+        msg = f"💡 Superuser Username: {su_name}, E-Mail: {su_email}, API Token: use with '{t.get_auth_header_prefix()}<Your token>'"
     print(msg)