
Security hardening: Remove weak default credentials and use environment variables #7505

@youming1970

Description


Hi CDS team,

While reviewing the docker-compose.yml example configuration, I noticed several security concerns that could lead to production vulnerabilities if users copy-paste the configuration:

Issues Identified

1. Weak Default Credentials (Critical)

  • POSTGRES_PASSWORD=cds (line 11)
  • POSTGRES_USER=cds (line 12)
  • redis requirepass cds (line 26)
  • Hardcoded password "cds" in multiple config commands (lines 67, 73, 78)

Risk: These weak credentials are easily guessable and commonly left unchanged in production deployments.

2. Outdated Elasticsearch Version (High)

  • elasticsearch:6.7.2 (line 32) - EOL version from 2019
  • Missing security patches and compliance issues

3. Database Connection Without SSL

  • --db-sslmode disable (line 48) - Disables SSL encryption

Recommended Solutions

1. Environment Variable Driven Configuration

Replace hardcoded credentials with environment variables:

environment:
  POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-CHANGE_ME_STRONG_PASSWORD}
  POSTGRES_USER: ${POSTGRES_USER:-cds}
  POSTGRES_DB: ${POSTGRES_DB:-cds}

2. Add .env.sample File

Create a template with secure defaults:

POSTGRES_PASSWORD=CHANGE_ME_STRONG_PASSWORD
REDIS_PASSWORD=CHANGE_ME_STRONG_PASSWORD

3. Update Documentation

Add security warnings in docker-compose setup docs about changing default passwords.

Impact

Production deployments using these defaults are vulnerable to:

  • Unauthorized database access
  • Data breach through weak authentication
  • Compliance violations (SOC2, PCI-DSS)

Happy to submit a PR with the security hardening changes if you'd like.

Context: Configuration Security Review Team - focusing on making example configs copy-paste safe for production use.
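A pre-flight check that goes with the environment-variable approach proposed above: it reads a `.env` file and refuses to pass when any credential variable is still empty, still the old `cds` default, still the `CHANGE_ME` template placeholder, or too short. This is an added example, not code from the CDS project or the issue author; the variable names are assumed to match the proposed `.env.sample`, and the sample `.env` contents are constructed.

```shell
#!/bin/sh
# Pre-flight check for a CDS-style .env file (added example, not CDS project code).
# Fails when a *_PASSWORD / *_SECRET / *_TOKEN variable still carries a weak value,
# so a copy-pasted template cannot silently reach production.

# is_weak_secret VALUE -> 0 (true) if VALUE is unacceptable as a credential
is_weak_secret() {
    case "$1" in
        ""|cds|CHANGE_ME*) return 0 ;;   # empty, the old default, or the template placeholder
    esac
    [ "${#1}" -lt 16 ] && return 0     # assumed policy: at least 16 characters
    return 1
}

# check_env_file FILE -> prints each offending variable; exit status = number of findings
check_env_file() {
    findings=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;        # skip blank lines and comments
        esac
        key=${line%%=*}
        value=${line#*=}
        value=${value#\"}; value=${value%\"}   # tolerate KEY="value" quoting
        case "$key" in
            *PASSWORD*|*SECRET*|*TOKEN*)
                if is_weak_secret "$value"; then
                    echo "WEAK: $key"
                    findings=$((findings + 1))
                fi ;;
        esac
    done < "$1"
    return "$findings"
}

# Constructed sample .env, as a user might leave it after copying the template.
SAMPLE_ENV=$(mktemp)
cat > "$SAMPLE_ENV" <<'EOF'
# constructed example, not a real deployment
POSTGRES_USER=cds
POSTGRES_PASSWORD=CHANGE_ME_STRONG_PASSWORD
REDIS_PASSWORD=cds
CDS_API_SECRET=5Nw1vZ8bTq2kL9xP4mR7cY3hJ6dF0sGa
EOF

check_env_file "$SAMPLE_ENV" || echo "refusing to start: $? weak credential(s) found"
```

Wire the check into the deployment step (for example before `docker compose up`) so the non-zero exit blocks startup rather than just printing.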
