beatz174-bit
32 lines
1.7 KiB
Markdown
32 lines
1.7 KiB
Markdown
# Credential Inventory (apps/, core/, monitoring/)
|
|
|
|
## apps/
|
|
- `apps/nextcloud/docker-compose.yml`
|
|
- `MYSQL_PASSWORD` (nextcloud-webapp) -> `MYSQL_PASSWORD_FILE` + Docker secret.
|
|
- `SMTP_PASSWORD` -> `SMTP_PASSWORD_FILE` + Docker secret.
|
|
- `REDIS_HOST_PASSWORD` -> `REDIS_HOST_PASSWORD_FILE` + Docker secret.
|
|
- `MYSQL_ROOT_PASSWORD`, `MYSQL_PASSWORD`, `NEXTCLOUD_ADMIN_PASSWORD` (nextcloud-db) -> `_FILE` variants + Docker secrets.
|
|
- Redis `--requirepass` inline value -> read from Docker secret at runtime.
|
|
- `apps/passbolt/docker-compose.yml`
|
|
- `MYSQL_PASSWORD`, `DATASOURCES_DEFAULT_PASSWORD` -> `_FILE` variants + Docker secret.
|
|
- `apps/gramps/docker-compose.yml`
|
|
- `POSTGRES_PASSWORD` -> `POSTGRES_PASSWORD_FILE` + Docker secret.
|
|
- `DB_URI` password + `INITIAL_ADMIN_PASSWORD` -> env references from non-committed secrets env file.
|
|
|
|
## core/
|
|
- `core/authelia/configuration.yml`
|
|
- `identity_validation.reset_password.jwt_secret` -> `${AUTHELIA_JWT_SECRET}`.
|
|
- `session.secret` -> `${AUTHELIA_SESSION_SECRET}`.
|
|
- `storage.encryption_key` -> `${AUTHELIA_STORAGE_ENCRYPTION_KEY}`.
|
|
- `core/traefik/dynamic.yml`
|
|
- `crowdsecLapiKey` -> `${CROWDSEC_LAPI_KEY}`.
|
|
|
|
## monitoring/
|
|
- `monitoring/gotify/docker-compose.yml`
|
|
- `GOTIFY_DEFAULTUSER_PASS` -> `${GOTIFY_DEFAULTUSER_PASS}` from non-committed secrets env file.
|
|
- `monitoring/prometheus/docker-compose.yml`
|
|
- `DOCKER_INFLUXDB_INIT_PASSWORD` -> `DOCKER_INFLUXDB_INIT_PASSWORD_FILE` + Docker secret.
|
|
- `PIHOLE_PASSWORD` -> `${PIHOLE_PASSWORD}` from non-committed secrets env file.
|
|
- `monitoring/prometheus/prometheus.yml`
|
|
- Uptime Kuma basic_auth `password` -> `password_file` mounted from non-committed secret file.
|