[SOLVED] Recommended to set _APP_DB_PASS vars?

Hey, is it recommended to set the _APP_DB_PASS and _APP_EXECUTOR_SECRET vars in production?

TL;DR

Developers were discussing if it's recommended to set database password and executor secret variables in production. They mentioned the importance of setting these secrets before starting the containers for the first time and highlighted the encryption complexities if changed later. Additionally, other security variables like `_APP_ENV` and `_APP_OPTIONS_ABUSE` were considered. Ultimately, they agreed it's crucial to set `_APP_DB_PASS` and `_APP_EXECUTOR_SECRET` vars in a production environment.

Yes, definitely.

Okay, can you think of any other "security" vars that should be set? Other than _APP_ENV, _APP_OPTIONS_ABUSE, _APP_OPTIONS_FORCE_HTTPS, _APP_OPENSSL_KEY_V1, _APP_CONSOLE_WHITELIST_ROOT. Im not using storage.

The database secret and the openssl secret needs to be setup before you start the containers for the first time.

executor secret and that's it.

yea, its a while since i first started the containers.. however i see you should change the DB user/pass using mariadb and then change in the env. Not sure about how to handle executor secret, since the containers are already running

You could of course change the database secret yourself afterwards. Just wanted to let you know that the db secret is configured the first time the mariadb container is spun up. Regarding the openssl secret it is really hard to change it afterwards since most sensitive data in the database are already encrypted with the initial secret. You can change the executor secret at any time, just restart the container afterwards

seems that its okay to change the executor secret directly in the env and then restart https://discord.com/channels/564160730845151244/1220769895776784424/1220772232159297746

Yes

ah okay. Yea i set the openssl key back before starting the containers for the first time, so im good there. Thanks for your help