Closed treasuryesc closed 2 months ago
@revant could you please check this? Is there any way to avoid fixing db password inside docker-compose.yaml?
created with docker compose config
Use "docker compose up" directly then. You'll not have the generated yaml file with passwords.
created with docker compose config
Use "docker compose up" directly then. You'll not have the generated yaml file with passwords.
Hi @revant I think I wasn't clear on my issue description. The problem happens in the build process of a custom image and a docker-compose.yaml file for this image. When we use "docker compose --env-file .env -f overrides/compose.mariadb.yaml config > docker-compose.yaml" to create the docker-compose.yaml file, the config in overrides/compose.mariadb.yaml takes ${DB_PASSWORD} from the .env and puts on the docker-compose.yaml the DB password. The request is that overrides/compose.mariadb.yaml should keep the variable ${DB_PASSWORD} instead of replacing it when running "docker compose config", so when we run "docker compose up" docker would take the password from the .env and not from docker-compose.yaml
Another possibility could be using docker compose secrets: https://docs.docker.com/compose/how-tos/use-secrets/
You can improve and send PR.
I use Kubernetes for my setup, there I've managed db password through kubernetes secrets.
Is your feature request related to a problem? Please describe. Currently, frappe_docker uses a .env file where we should set the variable DB_PASSWORD in the moment of creating the docker-compose.yaml file (created with docker compose config). The database password is set in this file, which brings security issues.
Describe the solution you'd like The DB_PASSWORD should be set as a variable in docker-compose.yaml instead of using the password directly inside docker-compose.yaml, so we could use a .env located in the same folder of docker-compose.yaml, in order to define the database password only in the .env file and not inside the docker-compose.yaml.