Skip to content

fix(compose): dev fallback JWT secrets so docker compose up works without a .env#1

Merged
mitekk merged 1 commit into
masterfrom
fix/compose-dev-jwt
Jun 11, 2026
Merged

fix(compose): dev fallback JWT secrets so docker compose up works without a .env#1
mitekk merged 1 commit into
masterfrom
fix/compose-dev-jwt

Conversation

@mitekk

@mitekk mitekk commented Jun 11, 2026

Copy link
Copy Markdown
Owner

What

Adds dev-only fallback values for JWT_ACCESS_SECRET / JWT_REFRESH_SECRET in docker-compose.override.yml via ${VAR:-default}.

Why

Running docker compose up directly (rather than via make, which injects the secrets) left both JWT vars blank. The backend booted healthy, but any auth call (register/login) failed because the tokens couldn't be signed — so the stack looked up but was unusable, and seeding/login silently 500'd.

Scope & safety

  • Dev only. The override is loaded solely by a bare docker compose up. CI, e2e, and prod load the base compose without this override (see Makefile E2E_FILES / TEST_FILES), where these vars still have no default and a real secret must be supplied. Prod secret hygiene is unchanged.
  • No secrets committed; the values are obvious throwaway dev placeholders and are overridden by any exported var or local .env.

Verification

A clean docker compose up with no inline secrets boots and POST /api/v1/auth/register returns 201 — confirming the fallback resolves end-to-end.

Note (not in this PR)

Compose < 2.24 can't drop the base 8080 port mapping the dev frontend inherits, so on a host where 8080 is occupied, set FRONTEND_PORT in a local .env. Documented as a comment in the override.

🤖 Generated with Claude Code

…ithout a .env

Running `docker compose up` directly (instead of via `make`, which injects them)
left JWT_ACCESS_SECRET/JWT_REFRESH_SECRET blank, so the backend booted healthy
but auth (register/login) 500'd. Add dev-only fallback values in the override
via ${VAR:-default}.

Scoped to dev only: CI/e2e/prod load the base compose WITHOUT this override
(see Makefile E2E_FILES/TEST_FILES), where these vars still have no default and
a real secret must be supplied — prod secret hygiene is unchanged.

Also documents (comment only) that Compose < 2.24 cannot drop the base 8080 port
mapping that dev inherits; set FRONTEND_PORT in a local .env if 8080 is taken.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@mitekk mitekk merged commit 6ebabf0 into master Jun 11, 2026
5 checks passed
@mitekk mitekk deleted the fix/compose-dev-jwt branch June 11, 2026 14:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant