Skip to content

security: remove hardcoded Postgres password fallback #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
marcabru-tech merged 1 commit into from
Apr 10, 2026
Merged

security: remove hardcoded Postgres password fallback #5

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .env.example
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
POSTGRES_PASSWORD=databank

Copilot AI Apr 10, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

POSTGRES_PASSWORD=databank in .env.example reintroduces a hardcoded credential-like value in the repo (likely to keep triggering secret scanners) and also doesn’t provide the DATABASE_URL that Prisma requires (prisma/schema.prisma uses env("DATABASE_URL"), and README.md instructs cp .env.example .env.local). Consider using a non-secret placeholder (e.g., POSTGRES_PASSWORD=changeme) and include a DATABASE_URL=... example (or a comment) so local setup works after copying the file.

Copilot uses AI. Check for mistakes.

@qodo-code-review qodo-code-review Bot Apr 10, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Action required

2. Env example breaks setup 🐞 Bug ≡ Correctness

The new .env.example only defines POSTGRES_PASSWORD, but the documented setup and Prisma schema
require DATABASE_URL, so copying it to .env.local leaves migrations/app without a DB connection
string.
Agent Prompt 
## Issue description
`.env.example` is used by the README as the starting point for `.env.local`, but it doesn't include `DATABASE_URL`, which Prisma and the documented migration step require.

## Issue Context
This PR introduces `.env.example`, so it should be sufficient for the documented onboarding flow, or the README should be updated to reflect what users must add.

## Fix Focus Areas
- Add a `DATABASE_URL` template entry to `.env.example` (and ensure it matches the intended local workflow: host-based `localhost:5432` vs docker-network `db:5432`, or document both).
- Optionally change `POSTGRES_PASSWORD` example value to a placeholder (to avoid repeated secret-scanner noise), while still showing required shape.

- .env.example[1-1]
- README.md[58-66]
- README.md[69-74]
- prisma/schema.prisma[5-8]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

4 changes: 2 additions & 2 deletions docker-compose.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ services:
environment:
POSTGRES_DB: databank
POSTGRES_USER: databank
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-databank}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}

@qodo-code-review qodo-code-review Bot Apr 10, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Action required

1. Compose env var required 🐞 Bug ☼ Reliability

docker-compose.yml now substitutes POSTGRES_PASSWORD without a default/required guard, but the
README Docker instructions don't set it, so docker compose up --build can run with an empty
substitution and break DB/app startup.
Agent Prompt 
## Issue description
`docker compose up --build` is documented as a one-liner, but `docker-compose.yml` now requires `POSTGRES_PASSWORD` to be provided at compose-parse time. Without an explicit guard or documentation, users will hit startup/connection failures.

## Issue Context
The PR intentionally removed the hardcoded fallback. The replacement should still provide a clear, deterministic failure mode and an updated onboarding path.

## Fix Focus Areas
- Enforce required substitution (e.g., `${POSTGRES_PASSWORD:?POSTGRES_PASSWORD is required}`) for both `POSTGRES_PASSWORD` and `DATABASE_URL` construction.
- Update README Docker instructions to include the required env setup step (e.g., `cp .env.example .env` or exporting `POSTGRES_PASSWORD` before running compose).

- docker-compose.yml[6-30]
- README.md[158-165]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

ports:
Comment on lines 7 to 10

Copilot AI Apr 10, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using ${POSTGRES_PASSWORD} without a default or required check means docker compose will substitute an empty string when the variable is unset, which can lead to confusing startup failures (Postgres requires a non-empty password by default, and the app’s DATABASE_URL will be malformed). Prefer Compose’s required-variable form (e.g., ${POSTGRES_PASSWORD:?...}) for both POSTGRES_PASSWORD and the DATABASE_URL substitution so misconfiguration fails fast.

Copilot uses AI. Check for mistakes.
- "5432:5432"
volumes:
Expand All @@ -25,7 +25,7 @@ services:
db:
condition: service_healthy
environment:
- DATABASE_URL=postgresql://databank:${POSTGRES_PASSWORD:-databank}@db:5432/databank
- DATABASE_URL=postgresql://databank:${POSTGRES_PASSWORD}@db:5432/databank
- LOG_LEVEL=info
- PERSIST_LEADS=false

Expand Down
Loading