check-defaults.sh 1.3 KB

1234567891011121314151617181920212223242526272829303132333435
  1. #!/bin/sh
  2. set -e
  3. # Refuse to start if default Supabase secrets are still in use.
  4. # Run this before docker compose up to catch misconfigurations.
  5. ERRORS=0
  6. check_default() {
  7. var_name="$1"
  8. default_value="$2"
  9. actual_value="$3"
  10. if [ "$actual_value" = "$default_value" ] || [ -z "$actual_value" ]; then
  11. echo "ERROR: ${var_name} is set to the default/empty value. Change it before starting." >&2
  12. ERRORS=$((ERRORS + 1))
  13. fi
  14. }
  15. check_default "JWT_SECRET" "super-secret-jwt-token-with-at-least-32-characters-long" "${JWT_SECRET:-}"
  16. check_default "POSTGRES_PASSWORD" "your-super-secret-and-long-postgres-password" "${POSTGRES_PASSWORD:-}"
  17. check_default "ANON_KEY" "your_anon_key_here" "${ANON_KEY:-}"
  18. check_default "SERVICE_ROLE_KEY" "your_service_role_key_here" "${SERVICE_ROLE_KEY:-}"
  19. check_default "DASHBOARD_USERNAME" "supabase" "${DASHBOARD_USERNAME:-}"
  20. check_default "DASHBOARD_PASSWORD" "this_password_is_insecure_and_should_be_updated" "${DASHBOARD_PASSWORD:-}"
  21. check_default "IRON_SESSION_SECRET" "this_must_be_at_least_32_characters_long" "${IRON_SESSION_SECRET:-}"
  22. if [ "$ERRORS" -gt 0 ]; then
  23. echo "" >&2
  24. echo "Found ${ERRORS} default secret(s). Refusing to start." >&2
  25. echo "Generate new secrets and update your .env file before running docker compose up." >&2
  26. exit 1
  27. fi
  28. echo "All secrets verified — no defaults detected."