#!/bin/sh set -e # Refuse to start if default Supabase secrets are still in use. # Run this before docker compose up to catch misconfigurations. ERRORS=0 check_default() { var_name="$1" default_value="$2" actual_value="$3" if [ "$actual_value" = "$default_value" ] || [ -z "$actual_value" ]; then echo "ERROR: ${var_name} is set to the default/empty value. Change it before starting." >&2 ERRORS=$((ERRORS + 1)) fi } check_default "JWT_SECRET" "super-secret-jwt-token-with-at-least-32-characters-long" "${JWT_SECRET:-}" check_default "POSTGRES_PASSWORD" "your-super-secret-and-long-postgres-password" "${POSTGRES_PASSWORD:-}" check_default "ANON_KEY" "your_anon_key_here" "${ANON_KEY:-}" check_default "SERVICE_ROLE_KEY" "your_service_role_key_here" "${SERVICE_ROLE_KEY:-}" check_default "DASHBOARD_USERNAME" "supabase" "${DASHBOARD_USERNAME:-}" check_default "DASHBOARD_PASSWORD" "this_password_is_insecure_and_should_be_updated" "${DASHBOARD_PASSWORD:-}" check_default "IRON_SESSION_SECRET" "this_must_be_at_least_32_characters_long" "${IRON_SESSION_SECRET:-}" if [ "$ERRORS" -gt 0 ]; then echo "" >&2 echo "Found ${ERRORS} default secret(s). Refusing to start." >&2 echo "Generate new secrets and update your .env file before running docker compose up." >&2 exit 1 fi echo "All secrets verified — no defaults detected."