ForestAdmin / lumber

Install Forest Admin in minutes.
https://www.forestadmin.com
MIT License

DATABASE_URL hard-coded in docker-compose.yml #439

Closed albertinator closed 4 years ago

albertinator commented 4 years ago

Expected behavior

Expect services.app in docker-compose.yml to source environment variables from .env.

Actual behavior

It was surprising to see that our DATABASE_URL was directly added to the services.app.environment property (hard-coded) when the docker-compose.yml was generated by lumber.

Failure Logs

Not a failure, just a security concern because many users likely will create a Git repo out of this and the docker-compose.yml would be part of that codebase with a DATABASE_URL hard-coded in.

I wouldn't have known this if I didn't thoroughly inspect every file generated by lumber.

Context

rap2hpoutre commented 4 years ago

A new version of lumber has just been released thanks to your suggestion: https://github.com/ForestAdmin/lumber/pull/464#issuecomment-709057240 🎉

Thank you for your feedback! 🙏

Feel free to re-open this issue if you have any issue!
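
The concern raised in this issue can be checked before a generated project is committed. The following is an added example, not code from lumber or from this thread: a small scanner that flags compose `environment` entries whose value is a literal URL with embedded credentials and accepts entries interpolated from `.env`. Both compose samples, the host name and the credentials are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a compose file with the connection string written inline.
HARDCODED = """\
version: "3.4"
services:
  app:
    build: .
    environment:
      - APPLICATION_PORT=3310
      - DATABASE_URL=postgres://forest:s3cret@db.example.internal:5432/app
"""

# Constructed sample: the same service reading the value from .env instead.
FROM_ENV = """\
version: "3.4"
services:
  app:
    build: .
    env_file: .env
    environment:
      APPLICATION_PORT: 3310
      DATABASE_URL: ${DATABASE_URL}
"""

# Matches both compose forms: "- KEY=value" (list) and "KEY: value" (mapping).
ENTRY = re.compile(r"^\s*(?:-\s*)?([A-Za-z_][A-Za-z0-9_]*)\s*[=:]\s*(.+?)\s*$")

def hardcoded_urls(compose_text):
    """Return (line_no, key) for entries whose value is a URL with inline credentials."""
    findings = []
    for no, line in enumerate(compose_text.splitlines(), 1):
        m = ENTRY.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip("'\"")
        if "${" in value:  # interpolated from the environment / .env, not a literal
            continue
        parts = urlsplit(value)
        if parts.scheme and parts.hostname and parts.password:
            findings.append((no, key))
    return findings

if __name__ == "__main__":
    for name, text in (("hard-coded", HARDCODED), ("from .env", FROM_ENV)):
        print(name, hardcoded_urls(text))
```

The scan is line-based and only looks for URLs carrying a password, so it complements a `.gitignore` entry for `.env` and does not replace a full secret scanner.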