Remove dangerous fallback defaults from docker-compose passwords
Replace :-devpassword and :-dev-secret-change-me with :?error to prevent silent startup with weak credentials. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
60d8978b89
commit
6b68cf8da2
|
|
@ -6,7 +6,7 @@ services:
|
|||
restart: unless-stopped
|
||||
environment:
|
||||
POSTGRES_USER: swag
|
||||
POSTGRES_PASSWORD: ${DB_PASSWORD:-devpassword}
|
||||
POSTGRES_PASSWORD: ${DB_PASSWORD:?DB_PASSWORD must be set}
|
||||
POSTGRES_DB: swag
|
||||
volumes:
|
||||
- swag-db-data:/var/lib/postgresql/data
|
||||
|
|
@ -36,14 +36,14 @@ services:
|
|||
container_name: swag-backend
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- DATABASE_URL=postgresql://swag:${DB_PASSWORD:-devpassword}@db:5432/swag
|
||||
- DATABASE_URL=postgresql://swag:${DB_PASSWORD:?DB_PASSWORD must be set}@db:5432/swag
|
||||
- REDIS_URL=redis://redis:6379
|
||||
- STRIPE_SECRET_KEY=${STRIPE_SECRET_KEY}
|
||||
- STRIPE_WEBHOOK_SECRET=${STRIPE_WEBHOOK_SECRET}
|
||||
- PRODIGI_API_KEY=${PRODIGI_API_KEY}
|
||||
- PRINTFUL_API_TOKEN=${PRINTFUL_API_TOKEN}
|
||||
- POD_SANDBOX_MODE=${POD_SANDBOX_MODE:-true}
|
||||
- JWT_SECRET=${JWT_SECRET:-dev-secret-change-me}
|
||||
- JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set}
|
||||
- CORS_ORIGINS=${CORS_ORIGINS:-http://localhost:3000}
|
||||
- DESIGNS_PATH=/app/designs
|
||||
- CONFIG_PATH=/app/config
|
||||
|
|
|
|||
Loading…
Reference in New Issue