diff --git a/.env.example b/.env.example
index 4e83bd2..d0bb2cf 100644
--- a/.env.example
+++ b/.env.example
@@ -1,5 +1,8 @@
 # L2 Server Configuration
 
+# PostgreSQL password (REQUIRED - no default)
+POSTGRES_PASSWORD=changeme-generate-with-openssl-rand-hex-16
+
 # Domain for this ActivityPub server
 ARTDAG_DOMAIN=artdag.rose-ash.com
 
diff --git a/README.md b/README.md
index f180d79..31f8c36 100644
--- a/README.md
+++ b/README.md
@@ -27,7 +27,7 @@ pip install -r requirements.txt
 # Configure
 export ARTDAG_DOMAIN=artdag.example.com
 export ARTDAG_USER=giles
-export DATABASE_URL=postgresql://artdag:artdag@localhost:5432/artdag
+export DATABASE_URL=postgresql://artdag:$POSTGRES_PASSWORD@localhost:5432/artdag
 export L1_SERVERS=https://celery-artdag.example.com
 
 # Generate signing keys (required for federation)
@@ -52,7 +52,7 @@ docker stack deploy -c docker-compose.yml artdag-l2
 | `ARTDAG_DOMAIN` | `artdag.rose-ash.com` | Domain for ActivityPub actors |
 | `ARTDAG_USER` | `giles` | Default username |
 | `ARTDAG_DATA` | `~/.artdag/l2` | Data directory |
-| `DATABASE_URL` | `postgresql://artdag:artdag@localhost:5432/artdag` | PostgreSQL connection |
+| `DATABASE_URL` | **(required)** | PostgreSQL connection |
 | `L1_SERVERS` | - | Comma-separated list of L1 server URLs |
 | `JWT_SECRET` | (generated) | JWT signing secret |
 | `HOST` | `0.0.0.0` | Server bind address |
diff --git a/db.py b/db.py
index 3f0590e..205271d 100644
--- a/db.py
+++ b/db.py
@@ -32,10 +32,9 @@ def _parse_timestamp(ts) -> datetime:
 _pool: Optional[asyncpg.Pool] = None
 
 # Configuration from environment
-DATABASE_URL = os.environ.get(
-    "DATABASE_URL",
-    "postgresql://artdag:artdag@localhost:5432/artdag"
-)
+DATABASE_URL = os.environ.get("DATABASE_URL")
+if not DATABASE_URL:
+    raise RuntimeError("DATABASE_URL environment variable is required")
 
 # Schema for database initialization
 SCHEMA = """
diff --git a/docker-compose.yml b/docker-compose.yml
index a25e636..17b0e7e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,7 +5,7 @@ services:
     image: postgres:16-alpine
     environment:
       POSTGRES_USER: artdag
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-artdag}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
       POSTGRES_DB: artdag
     volumes:
       - postgres_data:/var/lib/postgresql/data
@@ -45,7 +45,7 @@ services:
       - .env
     environment:
       - ARTDAG_DATA=/data/l2
-      - DATABASE_URL=postgresql://artdag:${POSTGRES_PASSWORD:-artdag}@postgres:5432/artdag
+      - DATABASE_URL=postgresql://artdag:${POSTGRES_PASSWORD}@postgres:5432/artdag
       - IPFS_API=/dns/ipfs/tcp/5001
       - ANCHOR_BACKUP_DIR=/data/anchors
       # ARTDAG_DOMAIN, ARTDAG_USER, JWT_SECRET from .env file
diff --git a/migrate.py b/migrate.py
index 6dbfb1f..146c487 100755
--- a/migrate.py
+++ b/migrate.py
@@ -27,10 +27,9 @@ import asyncpg
 
 # Configuration
 DATA_DIR = Path(os.environ.get("ARTDAG_DATA", str(Path.home() / ".artdag" / "l2")))
-DATABASE_URL = os.environ.get(
-    "DATABASE_URL",
-    "postgresql://artdag:artdag@localhost:5432/artdag"
-)
+DATABASE_URL = os.environ.get("DATABASE_URL")
+if not DATABASE_URL:
+    raise RuntimeError("DATABASE_URL environment variable is required")
 
 SCHEMA = """
 -- Drop existing tables (careful in production!)