MrSphay/envHelper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Harden app for release readiness
All checks were successful
Build Windows App / build-windows (push) Successful in 25m17s
Details

Browse Source
This commit is contained in:
MrSphay
2026-05-02 01:01:57 +02:00
parent 77a69c180c
commit a35acb3ea9
7 changed files with 116 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
README.md
View File

@@ -152,14 +152,23 @@ Manual defaults can always be added. They override automatically detected defaul
## Downloads and Artifacts
The Windows build produces two executable artifacts:
The current Windows build can be downloaded directly from the Gitea Generic Package registry:
| Variant | Download |
| --- | --- |
| Installer | [EnvHelper-setup-x64.exe](https://git.wilkensxl.de/api/packages/MrSphay/generic/envhelper/latest/EnvHelper-setup-x64.exe) |
| Portable | [EnvHelper-portable-x64.exe](https://git.wilkensxl.de/api/packages/MrSphay/generic/envhelper/latest/EnvHelper-portable-x64.exe) |
Private package downloads may require an active Gitea session or a token with package read access.
Each build also produces versioned executable artifacts:
```text
EnvHelper-0.1.0-setup-x64.exe
EnvHelper-0.1.0-portable-x64.exe
```
The files are published by the Gitea Runner as an Actions artifact and as a Generic Package.
The files are published by the Gitea Runner as an Actions artifact, as an immutable `version-sha` Generic Package, and as the moving `latest` Generic Package used by the links above.
<p align="center"><img src="https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/rainbow.png" alt="-----------------------------------------------------" width="100%"></p>
@@ -237,6 +246,18 @@ The generated output is committed as `README.md` so Gitea can render it directly
EnvHelper generates values locally in the renderer using Web Crypto. It is a helper for `.env` templates and is not a replacement for a central secret manager in production infrastructure.
Security posture:
| Area | State |
| --- | --- |
| Secret generation | Uses `crypto.getRandomValues` and `crypto.randomUUID` |
| Renderer isolation | Electron `contextIsolation` and sandbox are enabled |
| Node access | `nodeIntegration` is disabled in the renderer |
| Navigation | New windows and renderer navigation are blocked |
| Content policy | The app ships with a restrictive Content Security Policy |
| Default storage | Sensitive manual defaults such as passwords, tokens, and API keys are not persisted |
| External services | No `.env` input or generated secret is sent to external services |
### Windows Defender and SmartScreen
Windows may block or delay apps from unknown publishers. This is usually caused by missing reputation or by the absence of a trusted code-signing certificate.