From 23506bab7d30c1708a603dcdaba658a877ff8b30 Mon Sep 17 00:00:00 2001 From: "Christoph K." Date: Tue, 7 Apr 2026 09:54:18 +0200 Subject: [PATCH] Replace hardcoded DB credentials with env vars in docker-compose Adds .env.example as a template and .gitignore to exclude the actual .env file, preventing accidental credential commits. Co-Authored-By: Claude Sonnet 4.6 --- .env.example | 4 ++++ .gitignore | 1 + docker-compose.yml | 10 +++++----- 3 files changed, 10 insertions(+), 5 deletions(-) create mode 100644 .env.example create mode 100644 .gitignore diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..f992665 --- /dev/null +++ b/.env.example @@ -0,0 +1,4 @@ +# Copy to .env and set a strong password before starting +DB_USER=pamietnik +DB_NAME=pamietnik +DB_PASSWORD=change-me-before-production diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4c49bd7 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.env diff --git a/docker-compose.yml b/docker-compose.yml index 13195f8..f86922e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,13 +2,13 @@ services: postgres: image: postgres:16-alpine environment: - POSTGRES_USER: pamietnik - POSTGRES_PASSWORD: pamietnik - POSTGRES_DB: pamietnik + POSTGRES_USER: ${DB_USER:-pamietnik} + POSTGRES_PASSWORD: ${DB_PASSWORD:?DB_PASSWORD is required} + POSTGRES_DB: ${DB_NAME:-pamietnik} volumes: - pgdata:/var/lib/postgresql/data healthcheck: - test: ["CMD-SHELL", "pg_isready -U pamietnik"] + test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-pamietnik}"] interval: 5s timeout: 5s retries: 5 @@ -20,7 +20,7 @@ services: ports: - "9050:8080" environment: - DATABASE_URL: postgres://pamietnik:pamietnik@postgres:5432/pamietnik?sslmode=disable + DATABASE_URL: postgres://${DB_USER:-pamietnik}:${DB_PASSWORD:?DB_PASSWORD is required}@postgres:5432/${DB_NAME:-pamietnik}?sslmode=disable LISTEN_ADDR: :8080 depends_on: postgres: