fix(engram): use static internal Postgres password in DSN

The template helper's ${password:N} can emit URL-reserved characters
(!@#$%^&*), which corrupt ENGRAM_DATABASE_URL while Postgres receives
the raw password, causing intermittent connection failures on first
deploy. Postgres is not exposed (internal network only), so a static
internal password is safe and matches the convention used by the
umami and documenso templates. Real secrets (JWT, cloud token, admin
token) remain randomly generated.
This commit is contained in:
Daniel Esteves
2026-06-19 19:17:19 -04:00
parent a29e4b4a18
commit 01f532d02c
2 changed files with 2 additions and 5 deletions

View File

@@ -5,7 +5,7 @@ services:
restart: unless-stopped
environment:
POSTGRES_USER: engram
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_PASSWORD: engram
POSTGRES_DB: engram_cloud
volumes:
- engram-postgres:/var/lib/postgresql/data
@@ -22,7 +22,7 @@ services:
postgres:
condition: service_healthy
environment:
ENGRAM_DATABASE_URL: ${ENGRAM_DATABASE_URL}
ENGRAM_DATABASE_URL: postgres://engram:engram@postgres:5432/engram_cloud?sslmode=disable
ENGRAM_JWT_SECRET: ${ENGRAM_JWT_SECRET}
ENGRAM_CLOUD_TOKEN: ${ENGRAM_CLOUD_TOKEN}
ENGRAM_CLOUD_ADMIN: ${ENGRAM_CLOUD_ADMIN}

View File

@@ -1,14 +1,11 @@
[variables]
main_domain = "${domain}"
pg_password = "${password:32}"
jwt_secret = "${password:64}"
cloud_token = "${password:48}"
admin_token = "${password:48}"
[config]
env = [
"POSTGRES_PASSWORD=${pg_password}",
"ENGRAM_DATABASE_URL=postgres://engram:${pg_password}@postgres:5432/engram_cloud?sslmode=disable",
"ENGRAM_JWT_SECRET=${jwt_secret}",
"ENGRAM_CLOUD_TOKEN=${cloud_token}",
"ENGRAM_CLOUD_ADMIN=${admin_token}",