chore(deploy): read pg creds from env, drop hardcoded placeholder#66
Merged
Conversation
Both compose files shipped with `POSTGRES_PASSWORD: indexer` baked in
and `INDEXER_DATABASE_URL: postgres://indexer:indexer@...`. Even though
postgres binds to 127.0.0.1 only, baking the placeholder into the
public repo makes any vps4-side foothold trivially upgradeable.
- Replace literals with required-env interpolation (${VAR:?env required})
- Add .env.production to .gitignore
- Operator runs with --env-file .env.production locally; CI/dev still
uses .env.example (placeholder values OK there)
|
Caution Review failedPull request was closed or merged during review 📝 WalkthroughWalkthroughThis PR externalizes hardcoded database credentials and connection strings to required environment variables in docker-compose configurations, and excludes production environment files from version control. ChangesConfiguration Externalization
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
Both
docker-compose.yml(mainnet) anddocker-compose.testnet.ymlshipped with hardcoded placeholderPOSTGRES_PASSWORD: indexerand fullINDEXER_DATABASE_URL: postgres://indexer:indexer@postgres:5432/.... Even though postgres binds 127.0.0.1 only, having the literal placeholder in a public repo makes any vps4-side foothold (RCE in another service, SSH key compromise) a trivial DB pivot — and primes anyone who copies this compose for production to ship the same weak default.What
${POSTGRES_PASSWORD:?env required}etc. (?env requiredsyntax fails compose-up if env not set, so silent fallback to placeholder is impossible).env.productionto.gitignore--env-file .env.production(gitignored, holds the strong random password).env.exampleretains placeholder values for dev/CI templatesVerify
Verified all 3 testnet containers come up healthy + indexer auth-success against pg with the new strong creds.
testnet-api.sentrixchain.comkeeps serving.Operator action
Generate strong password (
openssl rand -base64 32 | tr -d '/=+' | head -c 32), put in.env.productionper .env.example template, run the compose-up command above. Existing pg user can be rotated viaALTER USER indexer WITH PASSWORD '<new>';before restart so live connections aren't disrupted.Summary by CodeRabbit