SignalWire DocsSecurityConfig provides centralized security settings for all SignalWire
services. It loads settings from environment variables and optional config files,
handling SSL/TLS, CORS, host allowlists, rate limiting, HSTS, and basic
authentication credentials.
A global default instance is available at signalwire.core.security_config.security_config
for backward compatibility. Services can create their own instances with
service-specific config files.
Whether HTTPS is enabled.
Path to the SSL certificate file. Required when ssl_enabled is True.
Path to the SSL private key file. Required when ssl_enabled is True.
Domain name for SSL certificates and URL generation.
SSL certificate verification mode.
List of allowed hostnames. ["*"] accepts all hosts.
List of allowed CORS origins. ["*"] accepts all origins.
Maximum request body size in bytes (default 10 MB).
Rate limit in requests per minute.
Request timeout in seconds.
Enable HTTP Strict Transport Security when serving over HTTPS.
HSTS max-age in seconds (default 1 year).
Basic auth username. Defaults to "signalwire" when accessed via get_basic_auth().
Basic auth password. Auto-generated if not set when accessed via get_basic_auth().
Get basic authentication credentials, generating a password if not set.
Get CORS configuration suitable for FastAPI’s CORSMiddleware.
Get security headers to add to HTTP responses.
Get SSL parameters suitable for passing to uvicorn.
Get the URL scheme based on SSL configuration.
Reload all settings from environment variables.
Log the current security configuration for debugging.
Check if a host is in the allowed hosts list.
Validate that SSL configuration is complete and certificate files exist.