add tamper protection

src/main/kotlin/com/restapi/config/AppConfig.kt

@@ -7,14 +7,8 @@ import net.cactusthorn.config.core.factory.ConfigFactory
 import net.cactusthorn.config.core.loader.LoadStrategy
 import java.util.Optional
 
-const val INITIAL_ROLES_JSON = """{
-  "roles": []
-}"""
-
 @Config(
-    sources = [
-        "file:~/app.properties", "system:env"
-    ],
+    sources = ["file:~/app.yaml", "system:env"],
     loadStrategy = LoadStrategy.FIRST_KEYCASEINSENSITIVE
 )
 interface AppConfig {
@@ -46,9 +40,6 @@ interface AppConfig {
     @Key("app.db.run_migration")
     fun dbRunMigration(): Boolean
 
-    @Key("app.db.seed_sql")
-    fun seedSqlFile(): Optional<String>
-
     @Key("app.iam.url")
     fun iamUrl(): String
 

src/main/kotlin/com/restapi/domain/db.kt

@@ -45,7 +45,7 @@ object Session {
 
     //if not passed in ENV, then we shall generate and print
     private fun makeRsaJsonWebKey(publicKey: String, privateKey: String): RsaJsonWebKey {
-
+        logger.warn("making KeyPair from Config \n$publicKey\n\n$privateKey")
         val newPublicKey = readPublicKey(publicKey)
         val newPrivateKey = readPrivateKey(privateKey)
         val rsa = PublicJsonWebKey.Factory.newPublicJwk(newPublicKey) as RsaJsonWebKey
@@ -143,9 +143,6 @@ object Session {
             setProperty("datasource.db.password", appConfig.dbPass())
             setProperty("datasource.db.url", appConfig.dbUrl())
             setProperty("ebean.migration.run", appConfig.dbRunMigration().toString())
-            if (appConfig.seedSqlFile().isPresent) {
-                setProperty("ebean.ddl.seedSql", appConfig.seedSqlFile().get())
-            }
         })
         tenantMode = TenantMode.PARTITION
         currentTenantProvider = CurrentTenantProvider { currentUser.get().tenant }