# Docker Compose example with File-Based Secrets # This file demonstrates how to use file-based Docker secrets for sensitive environment variables # like DB_PASSWORD, SECRET_KEY, and FERNET_KEY. services: endurain: container_name: endurain-app image: ghcr.io/endurain-project/endurain:latest environment: # Use _FILE variants to read secrets from files - DB_PASSWORD_FILE=/run/secrets/db_password - SECRET_KEY_FILE=/run/secrets/secret_key - FERNET_KEY_FILE=/run/secrets/fernet_key # Regular environment variables - TZ=Europe/Lisbon - DB_TYPE=postgres - DB_HOST=postgres - DB_PORT=5432 - DB_USER=endurain - DB_DATABASE=endurain - ENDURAIN_HOST=https://endurain.example.com - BEHIND_PROXY=true - ALGORITHM=HS256 - ACCESS_TOKEN_EXPIRE_MINUTES=15 - REFRESH_TOKEN_EXPIRE_DAYS=7 secrets: - db_password - secret_key - fernet_key volumes: - /opt/endurain/backend/data:/app/backend/data - /opt/endurain/backend/logs:/app/backend/logs ports: - "8080:8080" depends_on: postgres: condition: service_healthy restart: unless-stopped postgres: image: docker.io/postgres:17.5 container_name: endurain-postgres environment: - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password - POSTGRES_DB=endurain - POSTGRES_USER=endurain - PGDATA=/var/lib/postgresql/data/pgdata secrets: - postgres_password healthcheck: test: ["CMD-SHELL", "pg_isready -U endurain"] interval: 5s timeout: 5s retries: 5 volumes: - /opt/endurain/postgres:/var/lib/postgresql/data restart: unless-stopped secrets: # File-based secrets - secrets are read from local files db_password: file: ./secrets/db_password.txt # Postgres uses the same password as the application postgres_password: file: ./secrets/db_password.txt # JWT secret key secret_key: file: ./secrets/secret_key.txt # Fernet encryption key fernet_key: file: ./secrets/fernet_key.txt