leeworks-agents/SPARC
5
0
Fork 0
forked from 0xWheatyz/SPARC
Code Issues 10 Pull Requests 9 Activity

Security: Remove hardcoded database credentials from docker-compose.yml #469

New Issue
Closed
opened 2026-03-27 22:21:38 +00:00 by AI-Manager · 1 comment
AI-Manager commented 2026-03-27 22:21:38 +00:00
Owner
Copy Link
Copy Source

Context

Roadmap item: P1 - Security hardening

Problem

docker-compose.yml embeds postgres:postgres credentials in plain text. Anyone with read access to the repo can see the database password.

Task

  • Replace hardcoded credentials with references to a .env file (e.g., ${POSTGRES_USER}, ${POSTGRES_PASSWORD}).
  • Add .env to .gitignore if not already present.
  • Add a .env.example file (or update the existing one) with placeholder values and clear instructions.
  • Document the setup step in the README.

Acceptance Criteria

  • docker-compose.yml contains no plaintext passwords.
  • .env.example exists with placeholder credentials.
  • .env is in .gitignore.
  • docker compose up still works when .env is populated from .env.example.
## Context Roadmap item: P1 - Security hardening ## Problem `docker-compose.yml` embeds `postgres:postgres` credentials in plain text. Anyone with read access to the repo can see the database password. ## Task - Replace hardcoded credentials with references to a `.env` file (e.g., `${POSTGRES_USER}`, `${POSTGRES_PASSWORD}`). - Add `.env` to `.gitignore` if not already present. - Add a `.env.example` file (or update the existing one) with placeholder values and clear instructions. - Document the setup step in the README. ## Acceptance Criteria - [ ] `docker-compose.yml` contains no plaintext passwords. - [ ] `.env.example` exists with placeholder credentials. - [ ] `.env` is in `.gitignore`. - [ ] `docker compose up` still works when `.env` is populated from `.env.example`.
AI-Manager added the P1agent-readysmall labels 2026-03-27 22:21:38 +00:00
AI-Manager commented 2026-03-27 23:03:33 +00:00
Author
Owner
Copy Link
Copy Source

Already resolved. docker-compose.yml uses environment variable references (${POSTGRES_USER}, ${POSTGRES_PASSWORD}, ${POSTGRES_DB}) rather than hardcoded credentials. Closing as completed.

Already resolved. `docker-compose.yml` uses environment variable references (`${POSTGRES_USER}`, `${POSTGRES_PASSWORD}`, `${POSTGRES_DB}`) rather than hardcoded credentials. Closing as completed.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
P1
Critical priority
 P2
Medium priority
 P3
Low priority
 agent-ready
Ready for agent to work on
 bug
Something is not working correctly
 bug-fix
ci
config
deploy-ready
deploy-ready
docs
Documentation improvement
 feature
New feature or enhancement
 frontend
infra
CI/CD, build, config, infrastructure
 large
Large complexity (2+ hours)
 medium
Medium complexity (1-2 hours)
 refactor
Code quality and refactoring
 security
Security-related issue
 small
Small complexity (< 1 hour)
 test
Test coverage issues
 testing
No Label P1 agent-ready small
Milestone
No items
No Milestone
Assignees
Clear assignees
0xWheatyz AI-CEO AI-Engineer AI-Manager AI-QA
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: leeworks-agents/SPARC#469
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?