Enforce strict runtime secrets, add env loader, and make DB setup explicit#52

Closed
ehsanking wants to merge 3 commits into main from ehsan/refactor-db-setup-for-safer-migrations-wqgmc0
Conversation

@ehsanking
Owner

Motivation

  • Harden production startup by refusing weak or placeholder secrets and making required credentials explicit.
  • Support an explicit env-file policy (local vs docker-compose) and deterministic precedence for loading environment values.
  • Replace implicit DB auto-detection with clear, explicit workflows for local init and production migrations to avoid accidental schema drift.

Description

  • Introduces an env loader lib/env-loader.ts and applies a policy (.env.local for local-dev, .env for docker-compose) with precedence process.env > primary > secondary and helper loadEnvWithPolicy.
  • Adds strict runtime validations in lib/env-security.ts and docker-entrypoint.sh to fail fast in production when secrets are missing, too short, placeholder-like, or obviously default.
  • Updates docker-compose.yml to require critical vars at container start (uses ${VAR:?message}) and removes dangerous default credentials.
  • Reworks secret bootstrapping in lib/setup-secrets.ts to write generated values to the active env file based on policy and to generate VAPID keys; README and .env.example were updated to surface the new policy and placeholders.
  • Makes DB setup explicit: scripts/db-setup.ts now accepts init-dev (SQLite bootstrap) or migrate-prod (PostgreSQL migrate deploy) and uses the env loader to resolve DATABASE_URL; package.json scripts were updated accordingly and postinstall now runs prisma generate.
  • Improves docker-entrypoint.sh to use a stricter validator, fail fast on missing prisma CLI or failed migrations in production, and provide clearer logging and error handling.

Testing

  • Ran lint via npm run lint and static checks, which passed.
  • Ran unit tests with npm test (Vitest) against the modified modules, which passed.
  • Exercised DB workflows manually via the new scripts: npm run db:init:dev (SQLite path) and npm run db:migrate:prod (Postgres path) in a CI-like environment; both completed the expected steps (schema generation and migration) without errors.


@ehsanking ehsanking closed this Mar 28, 2026