fix(db): remove hardcoded local DB password from docker-compose (#600)

jadonamite · jadonamite · commit 615f491fb393 · 2026-06-25T00:03:46.000+01:00
GitGuardian flagged the static dev password in docker-compose.yml. Move all
credentials to .env interpolation (DB_PASSWORD is now required, no default)
and add .env.example with a placeholder. .env is already gitignored.
diff --git a/.env.example b/.env.example
@@ -0,0 +1,18 @@
+# Issue #600: local serverless DB multiplexing (docker-compose).
+# Copy to .env and set a real value for DB_PASSWORD. Never commit .env.
+#
+#   cp .env.example .env
+
+# Database / PgBouncer credentials (used by docker-compose.yml)
+DB_NAME=subtrackr
+DB_USER=subtrackr_app
+DB_PASSWORD=change-me
+
+# Serverless pool target (point the app at PgBouncer, not Postgres directly)
+DB_PROXY_HOST=localhost
+DB_PROXY_PORT=6432
+DB_PROXY_AUTH_MODE=scram-256
+DB_PROXY_TXN_POOLING=true
+DB_PROXY_PREPARED_STATEMENTS=true
+DB_PROXY_MAX_CONN=50
+DB_LEAK_THRESHOLD_MS=30000
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -5,26 +5,29 @@
 #
 #   App / serverless handlers -> PgBouncer :6432 -> PostgreSQL :5432
 #
+# Credentials are read from a local .env file (see .env.example) — never
+# hardcoded here. Copy .env.example to .env and set DB_PASSWORD before running:
+#   cp .env.example .env && docker compose up
+#
 # Point the app at the proxy:
-#   DB_PROXY_HOST=localhost  DB_PROXY_PORT=6432
-#   DB_PROXY_AUTH_MODE=scram-256  DB_USER=subtrackr_app  DB_PASSWORD=subtrackr
+#   DB_PROXY_HOST=localhost  DB_PROXY_PORT=6432  DB_PROXY_AUTH_MODE=scram-256
 version: "3.9"
 
 services:
   postgres:
     image: postgres:16-alpine
     environment:
-      POSTGRES_DB: subtrackr
-      POSTGRES_USER: subtrackr_app
-      POSTGRES_PASSWORD: subtrackr
+      POSTGRES_DB: ${DB_NAME:-subtrackr}
+      POSTGRES_USER: ${DB_USER:-subtrackr_app}
+      POSTGRES_PASSWORD: ${DB_PASSWORD:?set DB_PASSWORD in .env}
       # SCRAM-SHA-256 so PgBouncer auth matches production.
       POSTGRES_INITDB_ARGS: "--auth-host=scram-sha-256"
     ports:
       - "5432:5432"
     volumes:
       - pgdata:/var/lib/postgresql/data
     healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U subtrackr_app -d subtrackr"]
+      test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-subtrackr_app} -d ${DB_NAME:-subtrackr}"]
       interval: 5s
       timeout: 3s
       retries: 10
@@ -34,12 +37,13 @@ services:
     depends_on:
       postgres:
         condition: service_healthy
+    # DB_USER / DB_PASSWORD / DB_NAME interpolated from .env (see below).
     environment:
       DB_HOST: postgres
       DB_PORT: "5432"
-      DB_USER: subtrackr_app
-      DB_PASSWORD: subtrackr
-      DB_NAME: subtrackr
+      DB_USER: ${DB_USER:-subtrackr_app}
+      DB_PASSWORD: ${DB_PASSWORD:?set DB_PASSWORD in .env}
+      DB_NAME: ${DB_NAME:-subtrackr}
       # Transaction pooling: small server pool fans out to many clients.
       POOL_MODE: transaction
       AUTH_TYPE: scram-sha-256
@@ -55,7 +59,7 @@ services:
     ports:
       - "6432:6432"
     healthcheck:
-      test: ["CMD-SHELL", "pg_isready -h 127.0.0.1 -p 6432 -U subtrackr_app"]
+      test: ["CMD-SHELL", "pg_isready -h 127.0.0.1 -p 6432 -U ${DB_USER:-subtrackr_app}"]
       interval: 5s
       timeout: 3s
       retries: 10
