You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi! I'm trying to set up the docker-compose and from the setup guide it looks well crafted, thanks!
A minor optimization though: The part about POSTGRES_PASSWORD and SECRETS_postgres_password leaves me wondering whether I should use the same random value for both, or if there's a security benefit if both are different. For now I'll just use the same because in my test scenario I don't need maximum security anyway.
(Edit: Found it in the comments in the YAML file. Still won't hurt to change "both be athe (same) password" in Readme.)
Also it would be nice to have a shell script that replaces empty secrets with randomly generated ones, reporting an overview of which secrets have been kept and which have been generated.
The readme could then group all the secrets settings below a todo item "Setup secrets: Run ./util/randomize_missing_secrets.sh to generate all missing ones, or set these manually:"
I can contribute that script (at what path?) if you like.
Edit: I found it a bit cumbersome to have to configure each password twice, in locations far apart from another. ("Far" in a 20 lines shell window.) My first idea was to sync them in the script I suggested, but wouldn't it be even easier to have a "secrets" directory with each password being a separate file and mounting that file into the containers that need it? That's how I usually do it in my docker-compose projects. Not sure though whether mounting them still requires an absolute path nowadays. (I use a template system to generate my docker-compose files on the fly, so I don't have to deal with determining absolute paths.)
The text was updated successfully, but these errors were encountered:
Hi! I'm trying to set up the docker-compose and from the setup guide it looks well crafted, thanks!
A minor optimization though: The part about
POSTGRES_PASSWORD
andSECRETS_postgres_password
leaves me wondering whether I should use the same random value for both, or if there's a security benefit if both are different. For now I'll just use the same because in my test scenario I don't need maximum security anyway.(Edit: Found it in the comments in the YAML file. Still won't hurt to change "both be
athe (same) password" in Readme.)Also it would be nice to have a shell script that replaces empty secrets with randomly generated ones, reporting an overview of which secrets have been kept and which have been generated.
The readme could then group all the secrets settings below a todo item "Setup secrets: Run
./util/randomize_missing_secrets.sh
to generate all missing ones, or set these manually:"I can contribute that script (at what path?) if you like.
Edit: I found it a bit cumbersome to have to configure each password twice, in locations far apart from another. ("Far" in a 20 lines shell window.) My first idea was to sync them in the script I suggested, but wouldn't it be even easier to have a "secrets" directory with each password being a separate file and mounting that file into the containers that need it? That's how I usually do it in my docker-compose projects. Not sure though whether mounting them still requires an absolute path nowadays. (I use a template system to generate my docker-compose files on the fly, so I don't have to deal with determining absolute paths.)
The text was updated successfully, but these errors were encountered: