Comparing changes

This commit addresses Critical Issue #1 from the security audit by removing all hardcoded credentials and replacing them with environment variables. Changes: - Created .env.example template with all required environment variables - Added init-sql-generator service to process SQL templates with envsubst - Created init-template.sql files for sink-postgres and target-db - Updated docker-compose.yml to use environment variables for all credentials - Updated Grafana datasources.yml to use environment variables - Updated .gitignore to exclude .env and generated init.sql files - Added comprehensive SECURITY_SETUP.md documentation Security improvements: - No credentials stored in version control - All passwords configurable via .env file - Template system allows secure credential injection - Documentation for secure deployment practices Closes #1 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>

Changes: - Added Environment Configuration section to README explaining .env usage - Updated Access points section with correct default credentials - Fixed pgwatch-postgres command to use simple array format with docker-compose variable substitution instead of shell interpolation - Added create_issues.sh script for issue management Testing: - All services start successfully with default environment variables - Grafana accessible at localhost:3000 (monitor/changeme) - Prometheus collecting metrics from pgwatch - PostgreSQL databases initialized with correct credentials - pgwatch-postgres now connects successfully to sink database Related to MR !56 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>

Removed: - SECURITY_SETUP.md (unnecessary extra file, info moved to .env.example) - create_issues.sh (issues already created, script no longer needed) Updated: - README.md: Removed emoji from section title, removed reference to deleted SECURITY_SETUP.md, now references .env.example directly Follows project core principles: avoid creating extra files unless absolutely necessary. Related to MR !56 Co-Authored-By: Claude <[email protected]>

Changed 'PostgreSQL' to 'Postgres' in .env.example to align with project terminology standards (prefer 'Postgres' over 'PostgreSQL'). Also updated section headers to use sentence-style capitalization. Related to MR !56 Co-Authored-By: Claude <[email protected]>

Changed all SQL keywords to lowercase per project SQL style guide: - create/grant/alter instead of CREATE/GRANT/ALTER - select/from/where/join instead of SELECT/FROM/WHERE/JOIN - Data types: timestamptz/text/jsonb instead of TIMESTAMPTZ/TEXT/JSONB - PL/pgSQL keywords: declare/begin/end/if/return (lowercase) Added explicit 'as' for aliases in queries. Improved formatting for multi-line statements with proper indentation. Follows .cursor/rules/development__db-sql-style-guide.mdc Related to MR !56 Co-Authored-By: Claude <[email protected]>

Added backticks around technical terms for better readability: - Connection strings: postgresql://... - Service names: pgwatch-postgres - Configuration files: pg_hba - Extensions: pg_stat_statements Improves clarity and follows documentation best practices. Related to MR !56 Co-Authored-By: Claude <[email protected]>

Changed 'As of v2.0' to 'As of v0.10' to reflect actual project versioning. Related to MR !56 Co-Authored-By: Claude <[email protected]>

Added explicit reminder to configure .env before running quickstart in production. Links to Environment configuration section for details. Related to MR !56 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>

- Remove hardcoded password from instances.yml, use environment variables - Update sources-generator to process environment variables with envsubst - Remove version reference from README (assume fresh install) - Change nano to vi in README installation instructions Related to MR !56 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>

Three critical fixes for production deployment: 1. Fixed envsubst to only substitute specific variables - Added explicit variable lists to envsubst commands - Prevents substitution of PostgreSQL $user keyword - Resolves "zero-length delimited identifier" error 2. Fixed password consistency across services - Changed TARGET_MONITOR_PASSWORD default from monitor_pass to changeme - Ensures init-sql-generator and sources-generator use same password - Resolves authentication failures between pgwatch and target-db 3. Added sslmode=disable to connection string - Postgres containers don't have SSL configured by default - Prevents TLS connection errors Tested with clean installation: - All 8 services start successfully - Grafana accessible with monitor/changeme credentials - pgwatch-postgres connects and fetches metrics - No authentication or initialization errors Related to MR !56 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Comparing changes

Open a pull request

Uh oh!

Commits on Sep 30, 2025

This comparison is taking too long to generate.

Uh oh!