Sort out the database and service passwords. Maybe generate one for each service on data compiling and store them somewhere safe?
/opt/avapolos/data/secrets
[x] Specify what services and or databases need a generated password.
On data compiling time, secrets file should be generated and sourced by the compiler:
[x] Create a secrets file on the data directory at compile time.
[x] Lock down the file using 600 permission
[x] Generate a hex number of size 16 for each password using opessl rand -hex 16 (50 nonillion years to break!)
[x] Update the compiling scripts of each service.
[x] Update the docker-compose.yml of each service.
[x] Update the connect-db-master and connect-db-sync commands.
Upgrade security
Sort out the database and service passwords. Maybe generate one for each service on data compiling and store them somewhere safe? /opt/avapolos/data/secrets
On data compiling time, secrets file should be generated and sourced by the compiler:
600
permissionopessl rand -hex 16
(50 nonillion years to break!)connect-db-master
andconnect-db-sync
commands.