docs: add security warnings for default passwords in .env (#12250)

Enhances security by adding explicit warnings in the environment template about changing default passwords for MySQL, Elasticsearch, and MinIO before deployment.
2025-12-29 16:05:35 +08:00 · 2025-12-28 13:02:17 +07:00
parent 86b03f399a
commit 3305215144
1 changed files with 9 additions and 0 deletions
--- a/docker/.env
+++ b/docker/.env
@ -1,3 +1,10 @@
+# -----------------------------------------------------------------------------
+# SECURITY WARNING: DO NOT DEPLOY WITH DEFAULT PASSWORDS
+# For non-local deployments, please change all passwords (ELASTIC_PASSWORD, 
+# MYSQL_PASSWORD, MINIO_PASSWORD, etc.) to strong, unique values.
+# You can generate a random string using: openssl rand -hex 32
+# -----------------------------------------------------------------------------
+
 # ------------------------------
 # docker env var for specifying vector db type at startup
 # (based on the vector db type, the corresponding docker
@ -30,6 +37,7 @@ ES_HOST=es01
 ES_PORT=1200

 # The password for Elasticsearch.
+# WARNING: Change this for production!
 ELASTIC_PASSWORD=infini_rag_flow

 # the hostname where OpenSearch service is exposed, set it not the same as elasticsearch
@ -85,6 +93,7 @@ OB_DATAFILE_SIZE=${OB_DATAFILE_SIZE:-20G}
 OB_LOG_DISK_SIZE=${OB_LOG_DISK_SIZE:-20G}

 # The password for MySQL.
+# WARNING: Change this for production!
 MYSQL_PASSWORD=infini_rag_flow
 # The hostname where the MySQL service is exposed
 MYSQL_HOST=mysql