← WIKI INDEX

FLUX DOCUMENTATION SYSTEM Layer 11 — STARTER KIT | starter-kit-security flux.dantesisofo.com/wiki/starter-kit-security/

STARTER KIT — SECURITY & SANITIZATION

The packaging rule is simple: the kit ships the machinery, never the identity, secrets, or data. This page is the checklist that gates any release.


1. NEVER SHIP (SECRETS)

Because a starter kit is built as a fresh repo / clean folder (not a copy of the working tree), there is no git history to leak old secrets from. Start clean.


2. NEVER SHIP (PERSONAL IDENTITY / INFRA)

Replace these with config variables (.env) or generic placeholders:

Real value (do not embed) Ships as
your S3 bucket name FLUX_BUCKET (placeholder)
your CloudFront distribution ID FLUX_CF_DIST (placeholder)
your public domain FLUX_BASE_URL (placeholder)
your AWS region FLUX_REGION
your author/photographer name FLUX_AUTHOR = Your Name
your IAM user name n/a (student uses their own)
absolute home paths (/Users/<you>/…) relative paths / $HOME

These identifiers are sprinkled across the working code; sanitization means externalizing all of them into one config so the student sets their own.


3. NEVER SHIP (PERSONAL DATA)

Ship instead a tiny sample walk (CC0 / public-domain geotagged photos, or a generator that stamps sample EXIF+GPS) and an empty catalog seed. See TEMPLATE KIT PLAN.


4. PRIVACY OF GEOTAGS

Geotagged photos contain precise locations. Two things to teach students:


5. SANITIZATION CHECKLIST (RELEASE GATE)

Before any kit leaves your machine:


Next: TEMPLATE KIT PLAN for exactly what code is included vs excluded.


FLUX_WIKI_v2.0 — flux.dantesisofo.com/wiki/starter-kit-security/