Refactor: Moving environment variables of docker-compose.yml to .dockercompose_env file #1055
Conversation
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 10005301 | Triggered | Generic Password | 2da3c55 | docker-compose.yml | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secret safely. Learn here the best practices.
- Revoke and rotate this secret.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
|
@sabaimran / @debanjum This will improve user experience for self hosting options . |
.dockercompose_env
Outdated
There was a problem hiding this comment.
Overall, this could improve the self-hosting experience by consolidating many of the user-configuration options into one file!
One potential issue I see is that it increases complexity of setup, because it requires a two-file install vs. one file. I would also rename the file to something like .khoj_docker_compose_env for specificity.
Another issue is that some environment variable names would be repurposed between containers implicitly, and it may not immediately be clear how. For example, the POSTGRES_* related variables.
This could be mitigated if we wrap the overall setup process within a shell script that can guide the user through setup via CLI, so they don't have to worry about the internals. A prerequisite to setup could be that Docker Desktop be installed.
Open to thoughts. Thanks for creating the PR. If we do accept this change, the Docker setup instructions would need to be updated.
There was a problem hiding this comment.
A shell script isn’t necessary since the setup is straightforward with Docker Compose. Renaming the file to .khoj_docker_compose_env is a great idea as it makes the configuration clear for new users.
There was a problem hiding this comment.
Another issue is that some environment variable names would be repurposed between containers implicitly, and it may not immediately be clear how. For example, the
POSTGRES_*related variables.
Since there’s no scaling involved, repurposing environment variables seems over-engineered in my opinion.
There was a problem hiding this comment.
The environment variables are already being repurposed, but the single compose file makes it opaque which containers are using which variables.
There was a problem hiding this comment.
if you have plans on revamping this do let me know , happy to support khoj .
Move Environment Variables to env File
Refactored the setup to move environment variables from
docker-compose.ymlto a.dockercompose_envfile for better maintainability. This makes managing secrets easier and keeps the docker-compose.yml cleaner.