| 1234567891011121314151617181920212223242526272829303132333435 |
- #!/bin/sh
- set -e
- # Refuse to start if default Supabase secrets are still in use.
- # Run this before docker compose up to catch misconfigurations.
- ERRORS=0
- check_default() {
- var_name="$1"
- default_value="$2"
- actual_value="$3"
- if [ "$actual_value" = "$default_value" ] || [ -z "$actual_value" ]; then
- echo "ERROR: ${var_name} is set to the default/empty value. Change it before starting." >&2
- ERRORS=$((ERRORS + 1))
- fi
- }
- check_default "JWT_SECRET" "super-secret-jwt-token-with-at-least-32-characters-long" "${JWT_SECRET:-}"
- check_default "POSTGRES_PASSWORD" "your-super-secret-and-long-postgres-password" "${POSTGRES_PASSWORD:-}"
- check_default "ANON_KEY" "your_anon_key_here" "${ANON_KEY:-}"
- check_default "SERVICE_ROLE_KEY" "your_service_role_key_here" "${SERVICE_ROLE_KEY:-}"
- check_default "DASHBOARD_USERNAME" "supabase" "${DASHBOARD_USERNAME:-}"
- check_default "DASHBOARD_PASSWORD" "this_password_is_insecure_and_should_be_updated" "${DASHBOARD_PASSWORD:-}"
- check_default "IRON_SESSION_SECRET" "this_must_be_at_least_32_characters_long" "${IRON_SESSION_SECRET:-}"
- if [ "$ERRORS" -gt 0 ]; then
- echo "" >&2
- echo "Found ${ERRORS} default secret(s). Refusing to start." >&2
- echo "Generate new secrets and update your .env file before running docker compose up." >&2
- exit 1
- fi
- echo "All secrets verified — no defaults detected."
|