I’m really shocked by the confidence people have here with clearly zero knowledge.
“.env_example” is literally just the example/template which is only updated if new “config” items are needed and it doesn’t contain actual secrets.
Developers copy “.env”/prod and “.env_local” files, which are used for the specific environments. These are in .gitignore so that they’re not accidentally pushed to .git.
For production the “.env” is generated during deployment from secrets in a locked up environment. (I mean they COULD fuck this up, but there’s no evidence of this AFAIK)
The example postgres password is simply a “hello world” type password that is often used when running a local docker image of the DB so you can get a full dev environment running in a couple minutes, as mentioned in the readme.md:
https://github.com/gsa-tts-archived/ai-gov-api
It’s not even a testing environment, it’s a temporary local/dev DB just so you can test your code.
I am NOT defending this project, but holy shit this thread is full of misinformation and I had to correct this.
The person you replied to doesn’t know what they’re talking about. It’s just an example password used for running a local empty DB for development and has nothing to do with production or even test databases.
DB_PASS=“postgres” 😬😬😬
I mean it is called “.env_example” afterall… Probably a env file to use for testing, no?
I’m really shocked by the confidence people have here with clearly zero knowledge.
“.env_example” is literally just the example/template which is only updated if new “config” items are needed and it doesn’t contain actual secrets.
Developers copy “.env”/prod and “.env_local” files, which are used for the specific environments. These are in .gitignore so that they’re not accidentally pushed to .git.
For production the “.env” is generated during deployment from secrets in a locked up environment. (I mean they COULD fuck this up, but there’s no evidence of this AFAIK)
The example postgres password is simply a “hello world” type password that is often used when running a local docker image of the DB so you can get a full dev environment running in a couple minutes, as mentioned in the readme.md: https://github.com/gsa-tts-archived/ai-gov-api
It’s not even a testing environment, it’s a temporary local/dev DB just so you can test your code.
I am NOT defending this project, but holy shit this thread is full of misinformation and I had to correct this.
so, uh… can you ELI5 this for those of us that don’t know anything?
The person you replied to doesn’t know what they’re talking about. It’s just an example password used for running a local empty DB for development and has nothing to do with production or even test databases.
You can see this in the readme: https://archive.softwareheritage.org/browse/origin/directory/?origin_url=https%3A%2F%2Fgithub.com%2Fgsa-tts-archived%2Fai-gov-api
See my longer previous comment if you want to know more. And again, not defending this project, but this whole comment chain was just misinformation.