Is there a way to use database-based apps without hardcoded database credentials? #16

Open
loganmarchione opened this issue Jun 9, 2022 · 1 comment


I'm sure this makes the initial point-and-click setup easier for new users, but I don't like the idea of my database username/password being publicly known and hardcoded. Is there a way to specify credentials before the docker-compose file will start?

Even if Umbrel isn't exposed to the internet, maybe put a warning here about hardcoded default credentials? Below are two examples, but I'm sure there are more.

Gitea

GITEA__database__PASSWD: "moneyprintergobrrr"

MYSQL_PASSWORD: "moneyprintergobrrr"

Mempool

DATABASE_PASSWORD: "mempool"

MYSQL_PASSWORD: "mempool"

Contributor

nevets963 commented Aug 11, 2022

Hi @loganmarchione, not at this stage. 1 thing to note is that these services (such as databases) are typically only accessible inside the Docker bridge. Therefore they're not exposed on the host to ensure they're not accessible by the outside world with these default credentials...

There were some thoughts in the community to improve the current situation:

  • Use deterministic passwords for services. These would be random strings, but always compute to the same string using some seed value
  • The user enters some credentials when they first install the app
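
The first idea in the list above (deterministic passwords computed from a seed), as an added example that is not part of this thread or of the project's code. The function names, the `db-password` purpose label and the sample seed are assumptions made for illustration; the environment variable names are the ones quoted in the issue.

```python
import base64
import hashlib
import hmac
import secrets


def new_seed() -> bytes:
    """Generate the per-device seed once; store it readable only by the owner."""
    return secrets.token_bytes(32)


def derive_password(seed: bytes, app_id: str, purpose: str, length: int = 32) -> str:
    """Derive a stable password for one app and purpose from the device seed."""
    if len(seed) < 32:
        raise ValueError("seed must be at least 32 bytes of random data")
    if not 16 <= length <= 43:
        raise ValueError("length must be between 16 and 43 characters")
    # Length-prefix each field so ("ab", "c") and ("a", "bc") give different labels.
    label = b"".join(
        len(part).to_bytes(2, "big") + part
        for part in (app_id.encode(), purpose.encode())
    )
    digest = hmac.new(seed, label, hashlib.sha256).digest()
    # URL-safe base64 needs no quoting or escaping in .env and YAML files.
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")[:length]


def render_env(seed: bytes, app_id: str, variables: dict) -> str:
    """Build .env lines; `variables` maps env var name -> purpose label.

    Variables sharing a purpose get the same value, so the app's client
    password and the database container's password stay in sync.
    """
    return "\n".join(
        f"{name}={derive_password(seed, app_id, purpose)}"
        for name, purpose in sorted(variables.items())
    )


if __name__ == "__main__":
    demo_seed = bytes(range(32))  # constructed sample seed, never use a fixed one
    print(render_env(demo_seed, "gitea", {
        "GITEA__database__PASSWD": "db-password",
        "MYSQL_PASSWORD": "db-password",
    }))
```

The compose file would then reference `${MYSQL_PASSWORD}` instead of a literal, and the values differ per device and per app while surviving reinstalls as long as the seed is kept.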
