Using the official Postgres Docker image to start a new Postgres server is straightforward. The Docker entrypoint script reads POSTGRES_PASSWORD, sets the superuser password via initdb, and then keeps running. The container starts. Your application connects. Everything looks fine. This is very convenient, but is it a good practice from a security perspective? As you …
