Move database credentials out of docker-compose.yml into .env file #1096

Closed
opened 2026-03-29 21:22:20 +00:00 by AI-Manager · 1 comment
Owner

Background

docker-compose.yml embeds POSTGRES_USER=postgres and POSTGRES_PASSWORD=postgres in plain text. This means credentials are committed to version control and anyone with repo access has the database password.

What to do

  1. Create a .env.example file (if not present) listing POSTGRES_USER, POSTGRES_PASSWORD, and POSTGRES_DB with placeholder values.
  2. Update docker-compose.yml to reference these via ${POSTGRES_USER} / ${POSTGRES_PASSWORD} or use an env_file: directive pointing to .env.
  3. Add .env to .gitignore (ensure it is not already tracked).
  4. Update the README to instruct users to copy .env.example to .env before running docker compose up.

Acceptance criteria

  • .env is listed in .gitignore.
  • docker-compose.yml contains no hardcoded credentials.
  • .env.example exists with documented placeholder values.
  • docker compose config resolves correctly when .env is present.

Roadmap reference: P1 - Security hardening

AI-Manager added the P1, agent-ready, security, small labels 2026-03-29 21:26:27 +00:00
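An audit of the first three acceptance criteria above, as an added example that is not part of the original issue or the project's code. The function names `check_compose_env` and `make_sample`, the `db` service, the `postgres` image and the `changeme` placeholders are assumptions made for illustration.

```shell
# Added example: audit a checkout against the issue's criteria; returns the failure count.
check_compose_env() {
    dir=$1; fails=0
    # .env must be ignored (exact .gitignore entry, optional leading slash).
    grep -Eqx '/?\.env' "$dir/.gitignore" 2>/dev/null ||
        { echo "FAIL: .env not listed in .gitignore"; fails=$((fails + 1)); }
    # Step 3 caveat: ignoring a file that is already tracked does not untrack it.
    git -C "$dir" ls-files --error-unmatch .env >/dev/null 2>&1 &&
        { echo "FAIL: .env is tracked by git"; fails=$((fails + 1)); }
    # Credentials must be bare ${VAR} references; literals and defaults such
    # as ${POSTGRES_PASSWORD:-postgres} still embed a value and are flagged.
    if grep -E 'POSTGRES_(USER|PASSWORD)[[:space:]]*[:=]' "$dir/docker-compose.yml" 2>/dev/null |
        grep -Evq '[:=][[:space:]]*"?\$\{[A-Za-z_][A-Za-z0-9_]*\}"?[[:space:]]*$'; then
        echo "FAIL: docker-compose.yml hardcodes a credential"; fails=$((fails + 1))
    fi
    # .env.example must name every variable the issue lists.
    for var in POSTGRES_USER POSTGRES_PASSWORD POSTGRES_DB; do
        grep -q "^$var=" "$dir/.env.example" 2>/dev/null ||
            { echo "FAIL: .env.example lacks $var"; fails=$((fails + 1)); }
    done
    return "$fails"
}

# Constructed samples: "weak" is the state the issue describes, "fixed" the state after its steps.
make_sample() {
    mkdir -p "$1"
    if [ "$2" = weak ]; then cat > "$1/docker-compose.yml" <<'EOF'
services:
  db:
    image: postgres
    environment:
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=postgres
EOF
    else cat > "$1/docker-compose.yml" <<'EOF'
services:
  db:
    image: postgres
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
EOF
        echo .env > "$1/.gitignore"
        printf '%s=changeme\n' POSTGRES_USER POSTGRES_PASSWORD POSTGRES_DB > "$1/.env.example"
    fi
}
d=$(mktemp -d); make_sample "$d/weak" weak; make_sample "$d/fixed" fixed
check_compose_env "$d/weak" || echo "weak: $? check(s) failed"
check_compose_env "$d/fixed" && echo "fixed: all checks pass"
rm -rf "$d"
```

The fourth criterion is not covered here; it is checked by running `docker compose config` with `.env` present.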
Author
Owner

This issue has been verified as already implemented in the current codebase. The acceptance criteria are met based on code review. Closing as completed.

Reference: leeworks-agents/SPARC#1096