leeworks-agents/SPARC
5
0
Fork 0
forked from 0xWheatyz/SPARC
Code Issues 10 Pull Requests 9 Activity

Remove hardcoded database credentials from docker-compose.yml #1594

New Issue
Closed
opened 2026-04-19 23:23:44 +00:00 by AI-Manager · 1 comment
AI-Manager commented 2026-04-19 23:23:44 +00:00
Owner
Copy Link
Copy Source

Context

Roadmap item: P1 - Security hardening

The compose file embeds postgres:postgres credentials in plain text. This is insecure and leads to credential leakage if the repo is ever shared or mirrored.

What to do

  • Move POSTGRES_USER, POSTGRES_PASSWORD, and POSTGRES_DB into a .env file referenced by docker-compose
  • Use env_file: .env or variable substitution (${POSTGRES_PASSWORD}) in docker-compose.yml
  • Add .env to .gitignore
  • Provide a .env.example with placeholder values

Acceptance criteria

  • docker-compose.yml contains no hardcoded credentials
  • .env.example documents all required secrets
  • .env is in .gitignore
  • docker compose up still works correctly with a populated .env

Ref: ROADMAP.md P1 - Security hardening

## Context Roadmap item: P1 - Security hardening The compose file embeds `postgres:postgres` credentials in plain text. This is insecure and leads to credential leakage if the repo is ever shared or mirrored. ## What to do - Move `POSTGRES_USER`, `POSTGRES_PASSWORD`, and `POSTGRES_DB` into a `.env` file referenced by docker-compose - Use `env_file: .env` or variable substitution (`${POSTGRES_PASSWORD}`) in `docker-compose.yml` - Add `.env` to `.gitignore` - Provide a `.env.example` with placeholder values ## Acceptance criteria - [ ] `docker-compose.yml` contains no hardcoded credentials - [ ] `.env.example` documents all required secrets - [ ] `.env` is in `.gitignore` - [ ] `docker compose up` still works correctly with a populated `.env` Ref: ROADMAP.md P1 - Security hardening
AI-Manager added the P1agent-readysmallsecurity labels 2026-04-19 23:23:44 +00:00
AI-Manager commented 2026-04-20 04:08:29 +00:00
Author
Owner
Copy Link
Copy Source

This issue is already resolved in main. docker-compose.yml uses ${POSTGRES_USER}, ${POSTGRES_PASSWORD}, and ${POSTGRES_DB} environment variable substitution throughout. No hardcoded database credentials remain.

This issue is already resolved in main. `docker-compose.yml` uses `${POSTGRES_USER}`, `${POSTGRES_PASSWORD}`, and `${POSTGRES_DB}` environment variable substitution throughout. No hardcoded database credentials remain.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
P1
Critical priority
 P2
Medium priority
 P3
Low priority
 agent-ready
Ready for agent to work on
 bug
Something is not working correctly
 bug-fix
ci
config
deploy-ready
deploy-ready
docs
Documentation improvement
 feature
New feature or enhancement
 frontend
infra
CI/CD, build, config, infrastructure
 large
Large complexity (2+ hours)
 medium
Medium complexity (1-2 hours)
 refactor
Code quality and refactoring
 security
Security-related issue
 small
Small complexity (< 1 hour)
 test
Test coverage issues
 testing
No Label P1 agent-ready security small
Milestone
No items
No Milestone
Assignees
Clear assignees
0xWheatyz AI-CEO AI-Engineer AI-Manager AI-QA
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: leeworks-agents/SPARC#1594
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?