Used Pasword Path instead of hard coding password

.gitignore

@@ -78,5 +78,7 @@ data/example
 data/token-claim
 tmp
 
-# DB is not committed
-postgres
+# DB Files are not committed
+postgres
+db_password.txt
+

packages/claim-backend/.env.example

@@ -4,7 +4,7 @@ DB_PORT=5432
 DB_HOST=127.0.0.1
 DB_DATABASE=claim-backend
 DB_USERNAME=claim-backend
-DB_PASSWORD=passwd
+DB_PASSWORD_PATH=./db_password.txt
 DB_SSLMODE=true
 DB_LOGGING=true
 CORS_ORIGIN=*

packages/claim-backend/README.md

@@ -11,28 +11,43 @@ Apart from Node version 18, Claim Backend also requires:
 
 ## .env Params
 
-| param            | Description                                                | Required |
-| ---------------- | ---------------------------------------------------------- | -------- |
-| BACKEND_HOST     | IP used by backend (Default: 127.0.0.1)                    | false    |
-| BACKEND_PORT     | Port used by backend (Default: 3000)                       | false    |
-| DB_PORT          | Port used by PostgreSQL DB (Default: 5432)                 | false    |
-| DB_HOST          | Host used by PostgreSQL DB (Default: 127.0.0.1)            | false    |
-| DB_DATABASE      | Name of Database of PostgreSQL DB (Default: claim-backend) | false    |
-| DB_USERNAME      | Username of PostgreSQL DB (Default: claim-backend)         | false    |
-| DB_PASSWORD      | Password of Database of PostgreSQL DB (Default: passwd)    | false    |
-| DB_SSLMODE       | A flag to turn on SSL Connection on DB (Default: false)    | false    |
-| DB_LOGGING       | A flag to turn on verbose logging of DB (Default: true)    | false    |
-| CORS_ORIGIN      | Accepted Origin, can be string or Regex (Default: \*)      | false    |
-| MERKLE_TREE_PATH | Path merkle-tree-details.json, generated by Tree Builder   | true     |
+| param            | Description                                                                                  | Required |
+| ---------------- | -------------------------------------------------------------------------------------------- | -------- |
+| BACKEND_HOST     | IP used by backend (Default: 127.0.0.1)                                                      | false    |
+| BACKEND_PORT     | Port used by backend (Default: 3000)                                                         | false    |
+| DB_PORT          | Port used by PostgreSQL DB (Default: 5432)                                                   | false    |
+| DB_HOST          | Host used by PostgreSQL DB (Default: 127.0.0.1)                                              | false    |
+| DB_DATABASE      | Name of Database of PostgreSQL DB (Default: claim-backend)                                   | false    |
+| DB_USERNAME      | Username of PostgreSQL DB (Default: claim-backend)                                           | false    |
+| DB_PASSWORD_PATH | File path that stores the password of database of PostgreSQL DB (Default: ./db_password.txt) | false    |
+| DB_SSLMODE       | A flag to turn on SSL Connection on DB (Default: false)                                      | false    |
+| DB_LOGGING       | A flag to turn on verbose logging of DB (Default: true)                                      | false    |
+| CORS_ORIGIN      | Accepted Origin, can be string or Regex (Default: \*)                                        | false    |
+| MERKLE_TREE_PATH | Path merkle-tree-details.json, generated by Tree Builder                                     | true     |
 
 ## Run
 
 ```
-$ cd packages/claim-backend
-$ cp .env.example .env
-$ < Edit .env regarding to ".env Params" >
-$ docker-compose up -d
-$ yarn server
+# Enter claim-backend package
+cd packages/claim-backend
+
+# Install dependencies
+yarn
+
+# Make a copy of .env.example
+cp .env.example .env
+
+# Edit .env regarding to ".env Params"
+(nano|vim|emacs) .env
+
+# Create secret for Docker DB Password
+echo -n $(openssl rand -hex 16) > db_password.txt
+
+# Start postgres locally
+docker-compose up -d
+
+# Start Claim Backend
+yarn server
 ```
 
 ## Endpoints

packages/claim-backend/docker-compose.yml

@@ -8,7 +8,13 @@ services:
     command: ['postgres', '-cshared_preload_libraries=pg_stat_statements']
     environment:
       POSTGRES_USER: claim-backend
-      POSTGRES_PASSWORD: passwd
+      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
       POSTGRES_DB: claim-backend
     volumes:
       - ./postgres:/var/lib/postgresql/data
+    secrets:
+      - db_password
+
+secrets:
+  db_password:
+    file: ${DB_PASSWORD_PATH:-db_password.txt}

packages/claim-backend/src/db.ts

@@ -1,3 +1,5 @@
+import * as fs from 'fs';
+
 import { Sequelize } from 'sequelize-typescript';
 import Signature from './models/signature.model';
 
@@ -12,7 +14,7 @@ export class DB {
 			host: process.env.DB_HOST || '127.0.0.1',
 			database: process.env.DB_DATABASE || 'claim-backend',
 			username: process.env.DB_USERNAME || 'claim-backend',
-			password: process.env.DB_PASSWORD || 'passwd',
+			password: fs.readFileSync(process.env.DB_PASSWORD_PATH || 'db_password.txt', 'utf-8'),
 			models: [__dirname + '/models/*.model.ts'],
 			port: Number(process.env.DB_PORT) || 5432,
 			logging: process.env.DB_LOGGING !== 'false',