upmpdcli-docker icon indicating copy to clipboard operation
upmpdcli-docker copied to clipboard
verified publisher icon GioF71

[Maintenance] [Security] Avoid username and password in variables

Open GioF71 opened this issue 9 months ago • 0 comments

Avoid to use ENV variables for username and passwords. See this page for more details.

On the image level, there is no issue because the variables are empty by default but, at the container level, those credentials can be seen by any user who can inspect a container.

Strategy:

  1. Deprecate those variables and remove them from Dockerfile (will still be usable), offer a way to pass a "credential" file.
  2. Eventually remove those variables (don't use them in run script)

This will happen across more than one release.

GioF71 avatar May 04 '25 11:05 GioF71