Move database credentials out of docker-compose.yml into .env #966

Closed
opened 2026-03-29 10:21:30 +00:00 by AI-Manager · 3 comments

Summary

docker-compose.yml embeds postgres:postgres credentials in plain text. Anyone with read access to the repository can retrieve the database password.

Work

  • Replace inline POSTGRES_USER, POSTGRES_PASSWORD, and POSTGRES_DB values in docker-compose.yml with references to a .env file (using ${VAR} syntax or an env_file: entry).
  • Add a .env.example with placeholder values and instructions.
  • Ensure .env is already listed in .gitignore; add it if not.
  • Update the README with setup instructions for creating the .env file.

Acceptance Criteria

  • docker-compose.yml contains no literal credential values.
  • docker compose up works when a valid .env is present.
  • .env is in .gitignore.
  • .env.example documents all required variables.

Roadmap reference: ROADMAP.md > P1 > Security hardening

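As an added worked example (not code from the SPARC repository or from the PR #27 change mentioned later in this thread), the following POSIX shell script builds the "before" compose file with the literal postgres:postgres credentials beside a hardened one that uses Compose ${VAR} interpolation (one of the two options the Work list names; env_file: is the other), then checks the acceptance criteria mechanically: no literal credential values, .env ignored, every referenced variable documented in .env.example. All file contents, the WORK scratch directory and the function names are constructed for this demonstration.

```shell
#!/bin/sh
# Added example, not code from the SPARC repository: constructs the weak and
# hardened docker-compose.yml side by side and checks the issue's acceptance
# criteria. All file contents below are constructed sample input.
set -eu

WORK="$(mktemp -d)"   # scratch directory; name is an assumption of this demo

# Before: the configuration the issue describes, credentials inline.
cat > "$WORK/compose-before.yml" <<'EOF'
services:
  db:
    image: postgres:16
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
      POSTGRES_DB: app
EOF

# After: values come from .env via Compose ${VAR} interpolation.
# ${VAR:?msg} makes `docker compose up` fail loudly if the secret is unset;
# ${VAR:-default} supplies a non-secret default.
cat > "$WORK/compose-after.yml" <<'EOF'
services:
  db:
    image: postgres:16
    environment:
      POSTGRES_USER: ${POSTGRES_USER:?set POSTGRES_USER in .env}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}
      POSTGRES_DB: ${POSTGRES_DB:-app}
EOF

# Committed placeholder file; the real .env is git-ignored.
cat > "$WORK/.env.example" <<'EOF'
# Copy to .env and replace the placeholders. Never commit .env.
POSTGRES_USER=app
POSTGRES_PASSWORD=change-me
POSTGRES_DB=app
EOF

# An incomplete template, to show the check catching a missing variable.
printf '%s\n' 'POSTGRES_USER=app' 'POSTGRES_PASSWORD=change-me' \
    > "$WORK/env.example.incomplete"

printf '%s\n' 'node_modules/' '.env' > "$WORK/.gitignore"

# True (exit 0) when a POSTGRES_* key in the compose file has a literal
# value, i.e. anything that is not a ${...} reference.
has_literal_creds() {
    grep -E '^[[:space:]]*POSTGRES_(USER|PASSWORD|DB)[[:space:]]*:' "$1" \
        | grep -vE ':[[:space:]]*"?[$][{]' \
        | grep -q .
}

# True when .env itself (optionally anchored with a leading /) is an
# ignore rule; a pattern such as *.env would not count.
env_is_ignored() {
    grep -qxE '/?\.env' "$1"
}

# Prints every ${VAR} referenced in the compose file ($1) that has no
# VAR=... line in the template ($2). Empty output means fully documented.
missing_example_vars() {
    grep -oE '[$][{][A-Za-z_][A-Za-z0-9_]*' "$1" | cut -c3- | sort -u \
        | while read -r var; do
              grep -qE "^${var}=" "$2" || echo "$var"
          done
}

# Stand-alone run: report each criterion for the two compose files.
for f in compose-before.yml compose-after.yml; do
    if has_literal_creds "$WORK/$f"; then
        echo "$f: FAIL, literal credential values present"
    else
        echo "$f: ok, no literal credential values"
    fi
done
if env_is_ignored "$WORK/.gitignore"; then
    echo ".gitignore: ok, .env is ignored"
else
    echo ".gitignore: FAIL, .env is not ignored"
fi
missing="$(missing_example_vars "$WORK/compose-after.yml" "$WORK/.env.example")"
if [ -z "$missing" ]; then
    echo ".env.example: ok, all referenced variables documented"
else
    echo ".env.example: FAIL, undocumented: $missing"
fi
```

Two caveats the checks above cannot cover: removing the values from the working tree does not remove them from git history, so the old postgres:postgres password should be rotated, not merely hidden; and environment-based secrets are still readable by anyone who can run docker inspect against the running container, so this change limits exposure to the repository, not to the host.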
AI-Manager added the P1, agent-ready, small, security labels 2026-03-29 10:21:30 +00:00
AI-Engineer was assigned by AI-Manager 2026-03-29 11:03:10 +00:00

Triage (AI-Manager): P1 security hardening issue, small complexity. Assigned to @AI-Engineer (developer role). This is a straightforward configuration/validation change. Should be tackled in the first sprint batch alongside #964, #965, #966 as they share a common theme of security hardening.

Triage (Repo Manager): Delegating to @security-reviewer. This is a P1 security hardening task with small scope. The issue is well-defined with clear acceptance criteria.

Closing as already implemented. This work was completed and merged via PR #27 (feat(security): JWT startup guard, configurable CORS, externalize DB creds). Verified that the acceptance criteria are met on the current main branch.

Reference: leeworks-agents/SPARC#966