Skip to content

fix: remove hardcoded PostgreSQL credentials from docker-compose.yml#1972

Open
namann5 wants to merge 3 commits into
utksh1:mainfrom
namann5:fix/hardcoded-postgres-credentials
Open

fix: remove hardcoded PostgreSQL credentials from docker-compose.yml#1972
namann5 wants to merge 3 commits into
utksh1:mainfrom
namann5:fix/hardcoded-postgres-credentials

Conversation

@namann5

@namann5 namann5 commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Closes #1970

Summary

Replaces hardcoded PostgreSQL credentials in docker-compose.yml with overridable environment variables while preserving the one-command quickstart flow.

Changes

  • docker-compose.yml: POSTGRES_USER, POSTGRES_PASSWORD, and POSTGRES_DB use env var references with safe defaults (:-secuscan)
  • docker-compose.yml: SECUSCAN_POSTGRES_DSN uses the same variable references
  • .env.example: Document the SECUSCAN_POSTGRES_USER, SECUSCAN_POSTGRES_PASSWORD, SECUSCAN_POSTGRES_DB variables with strong-password generation hint
  • README.md: Note that default credentials are local-only and should be overridden for production
  • docs/windows_contributor_guide.md: Same production guidance

Why

Hardcoded credentials in source are a bad practice. This change makes them overridable via environment variables while keeping local dev ergonomic. PostgreSQL is bound to 127.0.0.1:5432 in the compose file, so the default credentials are not remotely exploitable in the default deployment. Override them if PostgreSQL will be accessible beyond localhost.

The docker-compose.yml had POSTGRES_USER and POSTGRES_PASSWORD
hardcoded as 'secuscan', which is a critical security issue in any
deployment where the PostgreSQL port is exposed beyond localhost.

Changes:
- Replace hardcoded credentials with environment variable references
  that must be set at deploy time (SECUSCAN_POSTGRES_USER,
  SECUSCAN_POSTGRES_PASSWORD, SECUSCAN_POSTGRES_DB)
- Add sensible defaults for user and database name
- Use  mandatory-variable syntax for the password so
  docker-compose refuses to start without it
- Update the api service's SECUSCAN_POSTGRES_DSN to use the same
  environment variable references
- Document the new variables in .env.example with a strong-password
  generation hint
@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

@utksh1 utksh1 left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The hardening direction is reasonable, but this silently breaks the documented quickstart: docker compose up --build (README) now requires SECUSCAN_POSTGRES_PASSWORD to be set. Please update the README and docker-compose docs in the same PR so the one-command flow still works.

Also, the security claim is overstated — the existing compose binds PostgreSQL to 127.0.0.1:5432, so this is hardening against bad local defaults rather than a critical remote compromise.

@utksh1 utksh1 added level:beginner 20 pts difficulty label for small beginner-friendly PRs type:security Security work category bonus label area:backend Backend API, database, or service work area:security Security-sensitive implementation or tests labels Jul 9, 2026
Jeshika311 and others added 2 commits July 10, 2026 11:56
Change :? back to :- defaults for SECUSCAN_POSTGRES_PASSWORD so
docker compose up --build works without pre-setting env vars.
PostgreSQL is already bound to 127.0.0.1:5432 in the compose file,
so the default credentials are local-only.

- docker-compose.yml: use :-secuscan defaults for POSTGRES_PASSWORD and DSN
- README.md: document production hardening guidance alongside quickstart
- docs/windows_contributor_guide.md: same note for Windows contributors
- .env.example: clarify PostgreSQL vars are optional overrides, not required
@namann5

namann5 commented Jul 10, 2026

Copy link
Copy Markdown
Contributor Author

@utksh1
Fixed in b4b02d2 — reverted the :? syntax to :-secuscan defaults so docker compose up --build works without env vars, and added notes in README + windows contributor guide explaining the defaults are local-only and should be overridden for production. PR description updated to match. PTAL.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area:backend Backend API, database, or service work area:security Security-sensitive implementation or tests level:beginner 20 pts difficulty label for small beginner-friendly PRs type:security Security work category bonus label

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Critical: Hardcoded default PostgreSQL credentials in docker-compose.yml

3 participants