security: remove hardcoded Postgres password fallback#5
Merged
Conversation
Agent-Logs-Url: https://github.com/marcabru-tech/DataBank-Site/sessions/d71df034-ecda-4084-a4fb-6762fea7eb08 Co-authored-by: marcabru-tech <176715578+marcabru-tech@users.noreply.github.com>
Copilot created this pull request from a session on behalf of
marcabru-tech
April 10, 2026 20:34
View session
Review Summary by QodoRemove hardcoded Postgres password fallback for security
WalkthroughsDescription• Remove hardcoded password fallback from docker-compose.yml • Add .env.example template for local development • Enforce explicit password supply via environment variables Diagramflowchart LR
A["docker-compose.yml<br/>with hardcoded fallback"] -- "remove :-databank<br/>default values" --> B["docker-compose.yml<br/>requires explicit env var"]
C["new .env.example"] -- "provides local dev<br/>reference template" --> D["developers configure<br/>POSTGRES_PASSWORD"]
B --> E["enhanced security<br/>no credential exposure"]
D --> E
File Changes1. .env.example
|
Code Review by Qodo
|
There was a problem hiding this comment.
Pull request overview
Removes a hardcoded default Postgres password from docker-compose.yml to reduce credential exposure risk and require explicit configuration for local/dev environments.
Changes:
- Removed
:-databankfallback fromPOSTGRES_PASSWORDandDATABASE_URLindocker-compose.yml. - Added a root
.env.exampleintended as a local development environment template.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| docker-compose.yml | Removes the hardcoded password fallback from Compose variable expansion. |
| .env.example | Introduces an env template for local setup (currently includes POSTGRES_PASSWORD). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -0,0 +1 @@ | |||
| POSTGRES_PASSWORD=databank | |||
There was a problem hiding this comment.
POSTGRES_PASSWORD=databank in .env.example reintroduces a hardcoded credential-like value in the repo (likely to keep triggering secret scanners) and also doesn’t provide the DATABASE_URL that Prisma requires (prisma/schema.prisma uses env("DATABASE_URL"), and README.md instructs cp .env.example .env.local). Consider using a non-secret placeholder (e.g., POSTGRES_PASSWORD=changeme) and include a DATABASE_URL=... example (or a comment) so local setup works after copying the file.
Comment on lines
7
to
10
| POSTGRES_DB: databank | ||
| POSTGRES_USER: databank | ||
| POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-databank} | ||
| POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} | ||
| ports: |
There was a problem hiding this comment.
Using ${POSTGRES_PASSWORD} without a default or required check means docker compose will substitute an empty string when the variable is unset, which can lead to confusing startup failures (Postgres requires a non-empty password by default, and the app’s DATABASE_URL will be malformed). Prefer Compose’s required-variable form (e.g., ${POSTGRES_PASSWORD:?...}) for both POSTGRES_PASSWORD and the DATABASE_URL substitution so misconfiguration fails fast.
![qodo-code-review[bot]](https://avatars.githubusercontent.com/in/484649?s=60&v=4){kind=small}
| POSTGRES_DB: databank | ||
| POSTGRES_USER: databank | ||
| POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-databank} | ||
| POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} |
There was a problem hiding this comment.
1. Compose env var required 🐞 Bug ☼ Reliability
docker-compose.yml now substitutes POSTGRES_PASSWORD without a default/required guard, but the README Docker instructions don't set it, so docker compose up --build can run with an empty substitution and break DB/app startup.
Agent Prompt
## Issue description
`docker compose up --build` is documented as a one-liner, but `docker-compose.yml` now requires `POSTGRES_PASSWORD` to be provided at compose-parse time. Without an explicit guard or documentation, users will hit startup/connection failures.
## Issue Context
The PR intentionally removed the hardcoded fallback. The replacement should still provide a clear, deterministic failure mode and an updated onboarding path.
## Fix Focus Areas
- Enforce required substitution (e.g., `${POSTGRES_PASSWORD:?POSTGRES_PASSWORD is required}`) for both `POSTGRES_PASSWORD` and `DATABASE_URL` construction.
- Update README Docker instructions to include the required env setup step (e.g., `cp .env.example .env` or exporting `POSTGRES_PASSWORD` before running compose).
- docker-compose.yml[6-30]
- README.md[158-165]
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
| @@ -0,0 +1 @@ | |||
| POSTGRES_PASSWORD=databank | |||
There was a problem hiding this comment.
2. Env example breaks setup 🐞 Bug ≡ Correctness
The new .env.example only defines POSTGRES_PASSWORD, but the documented setup and Prisma schema require DATABASE_URL, so copying it to .env.local leaves migrations/app without a DB connection string.
Agent Prompt
## Issue description
`.env.example` is used by the README as the starting point for `.env.local`, but it doesn't include `DATABASE_URL`, which Prisma and the documented migration step require.
## Issue Context
This PR introduces `.env.example`, so it should be sufficient for the documented onboarding flow, or the README should be updated to reflect what users must add.
## Fix Focus Areas
- Add a `DATABASE_URL` template entry to `.env.example` (and ensure it matches the intended local workflow: host-based `localhost:5432` vs docker-network `db:5432`, or document both).
- Optionally change `POSTGRES_PASSWORD` example value to a placeholder (to avoid repeated secret-scanner noise), while still showing required shape.
- .env.example[1-1]
- README.md[58-66]
- README.md[69-74]
- prisma/schema.prisma[5-8]
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
GitGuardian flagged the hardcoded
databankpassword embedded as a default fallback indocker-compose.yml, which risks credential exposure in source control.Changes
docker-compose.yml— stripped:-databankdefault from bothPOSTGRES_PASSWORDandDATABASE_URL; password must now be explicitly supplied via environment variable.env.example— added to root withPOSTGRES_PASSWORD=databankas a local-dev reference template.gitignorealready excluded.env, so no change was needed there.