The template helper's ${password:N} can emit URL-reserved characters
(!@#$%^&*), which corrupt ENGRAM_DATABASE_URL while Postgres receives
the raw password, causing intermittent connection failures on first
deploy. Postgres is not exposed (internal network only), so a static
internal password is safe and matches the convention used by the
umami and documenso templates. Real secrets (JWT, cloud token, admin
token) remain randomly generated.
Engram Cloud is a self-hosted persistent-memory sync server for AI
coding agents. Deploys the published ghcr.io/gentleman-programming/engram
image with a PostgreSQL backend, auto-generated auth secrets (cloud
token, admin token, JWT secret), and a domain on the dashboard/API port.