Remove hardcoded secrets from public repo

- Remove default password fallback from POSTGRES_PASSWORD in docker-compose.yml
- Remove default password fallback from db.py and migrate.py
- Update .env.example with required POSTGRES_PASSWORD
- Update README to mark DATABASE_URL as required

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.env.example

@@ -1,5 +1,8 @@
 # L2 Server Configuration
 
+# PostgreSQL password (REQUIRED - no default)
+POSTGRES_PASSWORD=changeme-generate-with-openssl-rand-hex-16
+
 # Domain for this ActivityPub server
 ARTDAG_DOMAIN=artdag.rose-ash.com
 

README.md

@@ -27,7 +27,7 @@ pip install -r requirements.txt
 # Configure
 export ARTDAG_DOMAIN=artdag.example.com
 export ARTDAG_USER=giles
-export DATABASE_URL=postgresql://artdag:artdag@localhost:5432/artdag
+export DATABASE_URL=postgresql://artdag:$POSTGRES_PASSWORD@localhost:5432/artdag
 export L1_SERVERS=https://celery-artdag.example.com
 
 # Generate signing keys (required for federation)
@@ -52,7 +52,7 @@ docker stack deploy -c docker-compose.yml artdag-l2
 | `ARTDAG_DOMAIN` | `artdag.rose-ash.com` | Domain for ActivityPub actors |
 | `ARTDAG_USER` | `giles` | Default username |
 | `ARTDAG_DATA` | `~/.artdag/l2` | Data directory |
-| `DATABASE_URL` | `postgresql://artdag:artdag@localhost:5432/artdag` | PostgreSQL connection |
+| `DATABASE_URL` | **(required)** | PostgreSQL connection |
 | `L1_SERVERS` | - | Comma-separated list of L1 server URLs |
 | `JWT_SECRET` | (generated) | JWT signing secret |
 | `HOST` | `0.0.0.0` | Server bind address |

db.py

@@ -32,10 +32,9 @@ def _parse_timestamp(ts) -> datetime:
 _pool: Optional[asyncpg.Pool] = None
 
 # Configuration from environment
-DATABASE_URL = os.environ.get(
+DATABASE_URL = os.environ.get("DATABASE_URL")
-    "DATABASE_URL",
+if not DATABASE_URL:
-    "postgresql://artdag:artdag@localhost:5432/artdag"
+    raise RuntimeError("DATABASE_URL environment variable is required")
-)
 
 # Schema for database initialization
 SCHEMA = """

docker-compose.yml

@@ -5,7 +5,7 @@ services:
     image: postgres:16-alpine
     environment:
       POSTGRES_USER: artdag
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-artdag}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
       POSTGRES_DB: artdag
     volumes:
       - postgres_data:/var/lib/postgresql/data
@@ -45,7 +45,7 @@ services:
       - .env
     environment:
       - ARTDAG_DATA=/data/l2
-      - DATABASE_URL=postgresql://artdag:${POSTGRES_PASSWORD:-artdag}@postgres:5432/artdag
+      - DATABASE_URL=postgresql://artdag:${POSTGRES_PASSWORD}@postgres:5432/artdag
       - IPFS_API=/dns/ipfs/tcp/5001
       - ANCHOR_BACKUP_DIR=/data/anchors
       # ARTDAG_DOMAIN, ARTDAG_USER, JWT_SECRET from .env file

migrate.py

@@ -27,10 +27,9 @@ import asyncpg
 
 # Configuration
 DATA_DIR = Path(os.environ.get("ARTDAG_DATA", str(Path.home() / ".artdag" / "l2")))
-DATABASE_URL = os.environ.get(
+DATABASE_URL = os.environ.get("DATABASE_URL")
-    "DATABASE_URL",
+if not DATABASE_URL:
-    "postgresql://artdag:artdag@localhost:5432/artdag"
+    raise RuntimeError("DATABASE_URL environment variable is required")
-)
 
 SCHEMA = """
 -- Drop existing tables (careful in production!)