Description
Hardcoding passwords in Dockerfile ENV and RUN instructions is a significant security risk. These values are persisted in the Docker image layers and can be easily inspected by anyone with access to the image.
Locations:
deployment/choreo/development/docker/postgres/Dockerfile:29
deployment/choreo/development/docker/postgres/Dockerfile:51
Recommendation:
Use build arguments (ARG) for passwords and avoid persisting them in the final image, especially for production or sensitive environments.
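A check for the pattern this issue reports, added here as an example and not taken from the project's code: it scans a Dockerfile for ENV, ARG and RUN instructions that assign a literal value to a credential-like name. ARG defaults are included because build-argument values can also appear in `docker history`; the name list, the function names and the sample Dockerfile are assumptions constructed for illustration.

```python
import re

# Heuristic list of credential-like names (an assumption of this example).
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)
# NAME=value pairs; the value may be quoted.
ASSIGN = re.compile(r"""([A-Za-z_][A-Za-z0-9_]*)=("[^"]*"|'[^']*'|\S*)""")

def logical_lines(text):
    """Yield (first_line_no, instruction), joining backslash continuations."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not buf:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf = ""

def find_hardcoded_secrets(text):
    """Return (line_no, instruction, name) for literal credential values."""
    findings = []
    for line_no, instr in logical_lines(text):
        parts = instr.split(None, 1)
        if len(parts) < 2 or parts[0].upper() not in ("ENV", "ARG", "RUN"):
            continue
        op, rest = parts[0].upper(), parts[1]
        pairs = ASSIGN.findall(rest)
        if op == "ENV" and "=" not in rest.split()[0]:
            pairs = [rest.partition(" ")[::2]]  # legacy "ENV NAME value" form
        for name, value in pairs:
            value = value.strip().strip("\"'")
            # Only literals are reported; "$VAR" references are skipped here.
            if SECRET_NAME.search(name) and value and not value.startswith("$"):
                findings.append((line_no, op, name))
    return findings

# Constructed sample, not the project's Dockerfile.
SAMPLE = """FROM postgres:16
ARG BUILD_DB_PASSWORD
ENV POSTGRES_PASSWORD=example-only
RUN PGPASSWORD='example-only' \\
    psql -U app -c "SELECT 1"
ARG ADMIN_TOKEN=example-only
"""
for finding in find_hardcoded_secrets(SAMPLE):
    print("line %d: %s sets %s to a literal value" % finding)
```

A `$VAR` reference is skipped because it is not a literal in the file, but an ENV that copies a build argument still stores the resolved value in the image, so a clean result from this check does not mean the image is free of secrets.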