DATABASE_URL hard-coded in docker-compose.yml
albertinator opened this issue · 1 comments
Expected behavior
Expect services.app in docker-compose.yml to source environment variables from .env.
Actual behavior
It was surprising to see that our DATABASE_URL was directly added to the services.app.environment property (hard-coded) when the docker-compose.yml was generated by lumber.
Failure Logs
Not a failure, just a security concern because many users likely will create a Git repo out of this and the docker-compose.yml would part of that codebase with a DATABASE_URL hard-coded in.
I wouldn't have known this if I didn't thoroughly inspect every file generated by lumber.
Context
- Lumber Package Version: 3.6.0
- Database Dialect: PostgreSQL
- Database Version: 11.6
A new version of lumber has just been released thanks to your suggestion: #464 (comment) 🎉
Thank you for your feedback! 🙏
Feel free to re-open this issue if you have any issue!