fix: remove hardcoded PostgreSQL credentials from docker-compose.yml#1972
fix: remove hardcoded PostgreSQL credentials from docker-compose.yml#1972namann5 wants to merge 3 commits into
Conversation
The docker-compose.yml had POSTGRES_USER and POSTGRES_PASSWORD hardcoded as 'secuscan', which is a critical security issue in any deployment where the PostgreSQL port is exposed beyond localhost. Changes: - Replace hardcoded credentials with environment variable references that must be set at deploy time (SECUSCAN_POSTGRES_USER, SECUSCAN_POSTGRES_PASSWORD, SECUSCAN_POSTGRES_DB) - Add sensible defaults for user and database name - Use mandatory-variable syntax for the password so docker-compose refuses to start without it - Update the api service's SECUSCAN_POSTGRES_DSN to use the same environment variable references - Document the new variables in .env.example with a strong-password generation hint
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
utksh1
left a comment
There was a problem hiding this comment.
The hardening direction is reasonable, but this silently breaks the documented quickstart: docker compose up --build (README) now requires SECUSCAN_POSTGRES_PASSWORD to be set. Please update the README and docker-compose docs in the same PR so the one-command flow still works.
Also, the security claim is overstated — the existing compose binds PostgreSQL to 127.0.0.1:5432, so this is hardening against bad local defaults rather than a critical remote compromise.
Change :? back to :- defaults for SECUSCAN_POSTGRES_PASSWORD so docker compose up --build works without pre-setting env vars. PostgreSQL is already bound to 127.0.0.1:5432 in the compose file, so the default credentials are local-only. - docker-compose.yml: use :-secuscan defaults for POSTGRES_PASSWORD and DSN - README.md: document production hardening guidance alongside quickstart - docs/windows_contributor_guide.md: same note for Windows contributors - .env.example: clarify PostgreSQL vars are optional overrides, not required
Closes #1970
Summary
Replaces hardcoded PostgreSQL credentials in docker-compose.yml with overridable environment variables while preserving the one-command quickstart flow.
Changes
Why
Hardcoded credentials in source are a bad practice. This change makes them overridable via environment variables while keeping local dev ergonomic. PostgreSQL is bound to 127.0.0.1:5432 in the compose file, so the default credentials are not remotely exploitable in the default deployment. Override them if PostgreSQL will be accessible beyond localhost.