Docker DB initialization script prints admin password to console
The script to create a new database prints the admin password to the console. This is undesirable for security purposes. Often console output (of Docker containers or otherwise) is accumulated in a logging / monitoring system, like the ELK-stack. The offending script is docker/scripts/configure.sh, and specifically the line:

    paver create -u ${ADMIN_NAME} -p ${ADMIN_PWD} -e ${ADMIN_EMAIL}

Here, another Python script is called.
When running docker logs ghc_runner, you'll see the following output:
START /run-runner.sh
Container timezone not modified
Container timezone set to: Europe/Amsterdam
START /configure.sh
Using DB_TYPE=sqlite
Creating SQLite DB tables...
/GeoHealthCheck /
---> pavement.create
python GeoHealthCheck/models.py create admintest admintest <email>
2021-06-29 11:50:59,392 - init - INFO - created GHC App instance #1
Creating database objects
Creating superuser account
/
END /configure.sh
---> pavement.runner_daemon
python GeoHealthCheck/scheduler.py
2021-06-29 11:51:00,309 - init - INFO - created GHC App instance #1
As a minimum, the password (the second occurrence of admintest) should be redacted. Furthermore, one might ask oneself if it is really necessary to log this information.
The same line also occurs in the output of docker logs ghc_web.
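
One way to get the redaction asked for above without touching the Python side is to filter the command's output inside configure.sh. The sketch below is an added example, not GeoHealthCheck code: `redact_stream`, `fake_paver_create` and `run_redacted` are hypothetical names, the credentials are constructed, and `ADMIN_PWD` is assumed to be exported, as container environment variables are.

```shell
#!/bin/sh
# Added example, not GeoHealthCheck code.

# redact_stream: copy stdin to stdout, replacing each literal occurrence of
# the exported ADMIN_PWD with a mask. awk reads the secret from ENVIRON, so it
# never appears in a process argument list, and index() matches it literally
# (regex metacharacters in the password are not interpreted).
redact_stream() {
    awk '
    BEGIN { secret = ENVIRON["ADMIN_PWD"]; n = length(secret) }
    {
        line = $0; out = ""
        while (n > 0 && (i = index(line, secret)) > 0) {
            out = out substr(line, 1, i - 1) "[REDACTED]"
            line = substr(line, i + n)
        }
        print out line
    }'
}

# Constructed stand-in for `paver create`: echoes the command line it would
# run, as in the log output above. Hypothetical helper for the demo only.
fake_paver_create() {
    echo "---> pavement.create"
    echo "python GeoHealthCheck/models.py create $1 $2 $3"
    echo "Creating superuser account"
}

# Run the stand-in with constructed credentials; filter stdout and stderr.
run_redacted() {
    ADMIN_PWD=$2
    export ADMIN_PWD
    fake_paver_create "$1" "$2" "$3" 2>&1 | redact_stream
}

run_redacted admin 's3cr3t.*pw' admin@example.org
```

When the user name equals the password, as with admintest in the log above, both occurrences are masked. In a POSIX sh pipeline the exit status is that of awk, so a failing create step has to be detected separately.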