Closed cbakersdl closed 3 years ago
Thanks for idea. But I think it's dangerous to pre-populate the login fields via env vars, because if GUI URL is exposed at a moment, an attacker could take advantage of these. Using localStorage may be more secure...
being able to set up any app through the usage of environmental variables is the standard way to do so. This is in accordance with the 12-factor app guidelines as well as how most if not all cloud-native apps operate. I would love to see this in this project. As for the pre-populate part, this can be mitigated in multiple ways. For example, perform the auto-connect only if all the required variables are set (user, password, db, host, port). Please reconsider while keeping in mind that proper credential handling is the responsibility of the ops team that uses the service.
For automated deployments it is desirable to pre-populate the login fields for user, host, port, database so these do not have to be looked up by the operator every time they need to login.