Skip to content

Default database password committed in plaintext in docker-compose.yml #12

Description

@abayomicornelius

docker-compose.yml hardcodes POSTGRES_PASSWORD: password and the matching DATABASE_URL with the same credential for the api service. While acceptable for pure local dev, this pattern encourages copy-pasting into staging/production configs.

Document this explicitly as dev-only (e.g., a comment banner) and/or switch to reading credentials from a .env file that's gitignored, consistent with the .env.example pattern already used elsewhere.

Metadata

Metadata

Assignees

No one assigned

    Labels

    devopsDeployment/infrasecuritySecurity concern

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions