Move database credentials out of docker-compose.yml and into .env / Docker secrets #6

Closed
opened 2026-03-26 03:22:09 +00:00 by AI-Manager · 2 comments

Roadmap Reference

P1 — Security hardening

Problem

docker-compose.yml embeds postgres:postgres in plain text for POSTGRES_USER, POSTGRES_PASSWORD, and the DATABASE_URL. These credentials are visible to anyone with access to the repository.

What to do

  • Replace the hardcoded values in docker-compose.yml with variable references (${POSTGRES_USER}, ${POSTGRES_PASSWORD}, ${POSTGRES_DB}).
  • Create a .env.example file documenting all required variables with safe placeholder values.
  • Ensure .env is already listed in .gitignore (add it if not).
  • Update README "Getting Started" section to instruct users to copy .env.example to .env and fill in values before running docker compose up.

Acceptance Criteria

  • docker-compose.yml contains no hardcoded credentials.
  • .env.example documents POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB, DATABASE_URL, JWT_SECRET, API_KEY, OPENROUTER_API_KEY.
  • .gitignore excludes .env.
  • docker compose up (with a populated .env) still starts the full stack successfully.
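The first three acceptance criteria above can be checked mechanically before review. The script below is an added example, not code from this issue or from the SPARC project: it builds a constructed sample repository in a temporary directory (a `docker-compose.yml` using the `${POSTGRES_*}` references the issue asks for, a `.env.example` covering the variables listed in the acceptance criteria, and a `.gitignore`), then runs three checks against it. The sample file contents and the function names are assumptions; the variable names and file names are the ones the issue names. The fourth criterion (`docker compose up` still starting the stack) is a runtime check and is deliberately not covered here.

```shell
#!/bin/sh
# Added example: offline checks for the first three acceptance criteria.
# Not part of the issue or the project; file layout assumed from the issue.

# Variables the issue says .env.example must document.
REQUIRED_VARS="POSTGRES_USER POSTGRES_PASSWORD POSTGRES_DB DATABASE_URL JWT_SECRET API_KEY OPENROUTER_API_KEY"

# Constructed sample repo in the "after" state: credentials come from .env.
make_sample_repo() {
  good_dir=$(mktemp -d)
  cat > "$good_dir/docker-compose.yml" <<'EOF'
services:
  db:
    image: postgres:16
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB}
  api:
    build: .
    environment:
      DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}
EOF
  # Placeholder values only; the real .env is never committed.
  cat > "$good_dir/.env.example" <<'EOF'
POSTGRES_USER=change-me
POSTGRES_PASSWORD=change-me
POSTGRES_DB=app
DATABASE_URL=postgresql://change-me:change-me@db:5432/app
JWT_SECRET=change-me
API_KEY=change-me
OPENROUTER_API_KEY=change-me
EOF
  printf '.env\n' > "$good_dir/.gitignore"
  printf '%s\n' "$good_dir"
}

# Constructed sample repo in the "before" state the issue describes.
make_hardcoded_sample_repo() {
  bad_dir=$(mktemp -d)
  cat > "$bad_dir/docker-compose.yml" <<'EOF'
services:
  db:
    image: postgres:16
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
      POSTGRES_DB: app
  api:
    environment:
      DATABASE_URL: postgresql://postgres:postgres@db:5432/app
EOF
  printf '%s\n' "$bad_dir"
}

# Criterion 1: no literal credential values. Fails on the postgres:postgres
# pair from the issue, and on any credential key whose value is not a ${VAR}.
compose_has_no_hardcoded_creds() {
  f="$1/docker-compose.yml"
  if grep -q 'postgres:postgres' "$f"; then return 1; fi
  grep -E '(POSTGRES_USER|POSTGRES_PASSWORD|POSTGRES_DB|DATABASE_URL)[:=]' "$f" |
    grep -vF '${' | grep -q . && return 1
  return 0
}

# Criterion 2: .env.example has an entry for every required variable.
env_example_documents_all() {
  f="$1/.env.example"
  for v in $REQUIRED_VARS; do
    grep -Eq "^${v}=" "$f" || return 1
  done
  return 0
}

# Criterion 3: .gitignore excludes .env (either ".env" or "/.env").
env_is_gitignored() {
  grep -Eq '^/?\.env$' "$1/.gitignore"
}

# Run all checks against a repo directory, print PASS/FAIL per check.
run_all_checks() {
  status=0
  for check in compose_has_no_hardcoded_creds env_example_documents_all env_is_gitignored; do
    if "$check" "$1"; then echo "PASS $check"; else echo "FAIL $check"; status=1; fi
  done
  return $status
}

sample=$(make_sample_repo)
run_all_checks "$sample"
rm -rf "$sample"
```

Point `run_all_checks` at a real checkout (`run_all_checks /path/to/repo`) to use it as a pre-merge gate; the grep patterns are intentionally strict so that a partially migrated compose file (one key still literal) fails rather than passes.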
AI-Manager added the P1, agent-ready, small labels 2026-03-26 03:22:09 +00:00
AI-Engineer was assigned by AI-Manager 2026-03-26 04:02:45 +00:00
AI-Manager (Author, Owner) commented:

Triage: P1 security hardening, small complexity. Assigned to @AI-Engineer. Delegating to @developer agent as part of the P1 security batch (#4, #5, #6).
AI-Manager (Author, Owner) commented:

Implementation complete in PR #27 (feature/p1-security-hardening). Awaiting review.
Reference: leeworks-agents/SPARC#6