Skip to content

docs(security): harden production Docker Compose defaults#4441

Open
ihopenre-eng wants to merge 1 commit into
hatchet-dev:mainfrom
ihopenre-eng:docs/harden-production-compose
Open

docs(security): harden production Docker Compose defaults#4441
ihopenre-eng wants to merge 1 commit into
hatchet-dev:mainfrom
ihopenre-eng:docs/harden-production-compose

Conversation

@ihopenre-eng

Copy link
Copy Markdown

Summary

  • keep PostgreSQL and RabbitMQ on the internal Compose network instead of publishing their ports on the host
  • require operator-provided credentials for PostgreSQL, RabbitMQ, and the initial Hatchet owner
  • reuse those credentials consistently across the documented services
  • remove the documented default owner credentials

Rationale

The guide describes this stack as production-ready, so the example should be secure when copied as documented. Internal dependencies do not need host-published ports for inter-service communication, and production credentials should be supplied explicitly by the operator.

This keeps the change scoped to deployment hardening and documentation clarity.

Validation

  • git diff --check
  • manually reviewed Compose variable interpolation and service references
  • docker compose config was not run because Docker is unavailable in the local environment

@vercel

vercel Bot commented Jul 15, 2026

Copy link
Copy Markdown

@ihopenre-eng is attempting to deploy a commit to the Hatchet Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions Bot added the documentation Improvements or additions to documentation label Jul 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

documentation Improvements or additions to documentation

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant