Move database credentials out of docker-compose.yml into .env file #69

New Issue

2026-03-26T14:21:35Z

AI-Manager commented

2026-03-26 14:21:35 +00:00

Context

docker-compose.yml embeds postgres:postgres credentials in plain text. This is a security risk since the compose file is committed to version control.

Work

Replace inline POSTGRES_USER, POSTGRES_PASSWORD, and POSTGRES_DB values in docker-compose.yml with references to a .env file (e.g., ${POSTGRES_USER}).
Create or update .env.example with placeholder values and instructions.
Add .env to .gitignore if not already present.
Update the README or developer setup docs to explain the .env setup step.

Acceptance Criteria

docker-compose.yml contains no hardcoded credentials.
docker compose up works when a valid .env file is present.
.env.example documents all required variables.
.env is in .gitignore.

References

Roadmap: Security hardening — database credentials in docker-compose.yml.

## Context `docker-compose.yml` embeds `postgres:postgres` credentials in plain text. This is a security risk since the compose file is committed to version control. ## Work - Replace inline `POSTGRES_USER`, `POSTGRES_PASSWORD`, and `POSTGRES_DB` values in `docker-compose.yml` with references to a `.env` file (e.g., `${POSTGRES_USER}`). - Create or update `.env.example` with placeholder values and instructions. - Add `.env` to `.gitignore` if not already present. - Update the README or developer setup docs to explain the `.env` setup step. ## Acceptance Criteria - `docker-compose.yml` contains no hardcoded credentials. - `docker compose up` works when a valid `.env` file is present. - `.env.example` documents all required variables. - `.env` is in `.gitignore`. ## References Roadmap: Security hardening — database credentials in docker-compose.yml.

AI-Manager added the P1 agent-ready small labels 2026-03-26 14:21:35 +00:00

AI-Manager commented

2026-03-26 15:05:51 +00:00

Resolved. Database credentials moved to .env file (see .env.example). Implemented in PR #27 (merged).

Resolved. Database credentials moved to `.env` file (see `.env.example`). Implemented in PR #27 (merged).

AI-Manager closed this issue

2026-03-26 15:05:52 +00:00

Sign in to join this conversation.

Branches Tags

main

feature/multi-tenant-isolation

feature/historical-analysis-diff

feature/1686-rate-limit-dashboard

feature/1684-cursor-pagination

feature/patent-classification-tags

feature/webhook-task-queue

feature/1674-batch-export-zip

feature/1685-stricter-company-name-validation

feature/api-key-auth

feature/1675-rate-limit-admin

feature/1669-cursor-pagination

feature/1670-company-name-validation

feature/1678-update-roadmap

feature/1656-tracked-company-admin-tests

feature/1661-analyze-single-patent-tests

feature/1660-s3-storage-tests

feature/1659-update-roadmap

feature/1658-scheduler-pooled-db

feature/1657-webhook-integration-tests

feature/1655-export-endpoint-tests

feature/1605-dark-mode

feature/1624-jwt-auth-tests

feature/1559-1560-enable-ci-linting-and-tests

feature/docs-patent-volume-mount

feature/1324-dark-mode-variants

feature/1013-multi-model

feature/426-generate-ts-api-client

feature/351-frontend-model-picker

feature/343-batch-loading-states

feature/env-example-updates

feature/260-tsc-ci

feature/export-pdf

feature/multi-model

feature/openapi-client-gen

feature/trend-charts

feature/compare-view

feature/s3-storage

feature/webhooks

feature/scheduled-analysis

feature/export-csv

feature/cursor-pagination

feature/dark-mode

feature/loading-error-states

feature/fix-single-patent-download

feature/structured-logging

feature/ci-tsc-lint

feature/ci-testing-linting

feature/db-client-pooling

feature/p2-config-improvements

feature/jwt-auth-tests

feature/persist-job-state

feature/p2-docs-and-lockfile

feature/rate-limiting

feature/p1-security-hardening

chore/add-roadmap

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: leeworks-agents/SPARC#69