bollwerkadmin/bollwerk
1
0
Fork 0
Code Issues 9 Pull requests Projects Releases Packages Wiki Activity Actions
bollwerk/docker-compose.yml
Jens Reinemann 90cfac70a0 feat: column-level encryption at rest with AES-256-GCM (#98) 
- Add EncryptionService (AES-256-GCM) with passthrough when no key set
- Flyway V3: enable pgcrypto extension + widen name columns to TEXT
- DatabaseFactory: init EncryptionService from BOLLWERK_DB_ENCRYPTION_KEY,
  run migrateEncryptData() to encrypt existing plaintext rows on startup
- InventoryRepository: encrypt on write, decrypt on read for
  items.name, items.notes, categories.name, locations.name, settings.value
- MessageRepository: encrypt body on write, decrypt on read
- docker-compose.yml: document BOLLWERK_DB_ENCRYPTION_KEY env var
- docker-compose-vps.yml: pass BOLLWERK_DB_ENCRYPTION_KEY from .env
- .env.example: add key generation template
- .gitignore: add .env to ignore list

Closes #98
2026-05-17 22:17:10 +02:00

51 lines
1.3 KiB
YAML
Raw Blame History

services:
db:
image: postgres:17-alpine
container_name: bollwerk-db
restart: unless-stopped
environment:
POSTGRES_DB: bollwerk
POSTGRES_USER: bollwerk
POSTGRES_PASSWORD: bollwerk
ports:
- "127.0.0.1:5432:5432"
volumes:
- pgdata:/var/lib/postgresql/data
bollwerk:
build: .
container_name: bollwerk-server
restart: unless-stopped
ports:
- "127.0.0.1:8080:8080"
environment:
- BOLLWERK_JWT_SECRET=sRKnyOBAgwkoDYptqixc9I26SlUWFhGXL5jaTM1vPbe78Q0r
- BOLLWERK_DB_URL=jdbc:postgresql://db:5432/bollwerk
- BOLLWERK_DB_USER=bollwerk
- BOLLWERK_DB_PASSWORD=bollwerk
# Set BOLLWERK_DB_ENCRYPTION_KEY to enable column-level encryption.
# Generate with: openssl rand -base64 32
# Leave empty to disable encryption (passthrough mode).
# - BOLLWERK_DB_ENCRYPTION_KEY=${BOLLWERK_DB_ENCRYPTION_KEY}
volumes:
- backup_data:/backups:ro
depends_on:
- db
backup:
build: ./backup
container_name: bollwerk-backup
restart: unless-stopped
environment:
- POSTGRES_HOST=db
- POSTGRES_DB=bollwerk
- POSTGRES_USER=bollwerk
- POSTGRES_PASSWORD=bollwerk
volumes:
- backup_data:/backups
depends_on:
- db
volumes:
pgdata:
backup_data:
Reference in a new issue View git blame Copy permalink