Remove plain password input into environmental vars

Open harleylang opened this issue 5 years ago • 2 comments

See: https://github.com/emersion/hydroxide/issues/109#issuecomment-658490964

Jul 15 '20 01:07 harleylang

I note that comment linked is around the TLS wrapper security - I can add that by adding a Traefik service into the Docker-Compose. However the title for this issue is talking about plain password input - I can see a few issues around security - shall I just add them myself seperately?

Dec 24 '20 03:12 arichtman

@arichtman yes any PRs that seeks to tighten the security of the Dockerfile / docker-compose (including best practices for inputting / storing passwords) are welcome!!!

Dec 24 '20 23:12 harleylang