Devin
cf1b98738e
Some checks failed
CI / Backend (go 1.23.x) (pull_request) Successful in 53s
CI / Backend security scanners (pull_request) Failing after 46s
CI / Frontend (node 20) (pull_request) Successful in 2m8s
CI / gitleaks (secret scan) (pull_request) Failing after 8s
e2e-full / e2e-full (pull_request) Has been skipped
PR #3 scrubbed L@ker$2010 from every env file, compose unit, and deployment doc but missed scripts/setup-database.sh, which still hard- coded DB_PASSWORD="L@ker\$2010" on line 17. That slipped past gitleaks because the shell-escaped form (backslash-dollar) does not match the L@kers?\$?2010 regex committed in .gitleaks.toml -- the regex was written to catch the *expanded* form, not the source form. This commit removes the hardcoded default and requires DB_PASSWORD to be exported by the operator before running the script. Same pattern as the rest of the PR #3 conversion (fail-fast at boot when a required secret is unset) so there is no longer any legitimate reason for the password string to live in the repo. Verification: git grep -nE 'L@kers?\\?\$?2010' -- scripts/ # no matches bash -n scripts/setup-database.sh # clean
2.1 KiB
2.1 KiB