You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm sure this makes the initial point-and-click setup easier for new users, but I don't like the idea of my database username/password being publicly known and hardcoded. Is there a way to specify credentials before the docker-compose file will start?
Even if Umbrel isn't exposed to the internet, maybe put a warning here about hardcoded default credentials? Below are two examples, but I'm sure there are more.
Hi @loganmarchione, not at this stage. 1 thing to note is that these services (such as databases) are typically only accessible inside the Docker bridge. Therefore they're not exposed on the host to ensure they're not accessable by the outside world with these default credentials...
There were some thoughts in the community to improve the current situation:
Use deterministic passwords for services. These would be random strings, but always compute to the same string using some seed value
The user enters some credentials when they first install the app
I'm sure this makes the initial point-and-click setup easier for new users, but I don't like the idea of my database username/password being publicly known and hardcoded. Is there a way to specify credentials before the docker-compose file will start?
Even if Umbrel isn't exposed to the internet, maybe put a warning here about hardcoded default credentials? Below are two examples, but I'm sure there are more.
Gitea
umbrel-apps/gitea/docker-compose.yml
Line 31 in e7c053f
umbrel-apps/gitea/docker-compose.yml
Line 45 in e7c053f
Mempool
umbrel-apps/mempool/docker-compose.yml
Line 42 in e7c053f
umbrel-apps/mempool/docker-compose.yml
Line 59 in e7c053f
The text was updated successfully, but these errors were encountered: