L2SS-475: store sensitive data in env variables

docker-compose/.env

@@ -13,3 +13,6 @@ TANGO_JAVA_VERSION=9.3.6
 TANGO_POGO_VERSION=9.6.34
 TANGO_REST_VERSION=1.14.6
 TANGO_STARTER_VERSION=2021-05-28
+
+PG_SUPERUSER_PASSWORD=password
+PG_HDB_PASSWORD=hdbpp

docker-compose/archiver-timescale.yml

 version: '2'
 
-secrets:
-  pg_password:
-    external: true
-
 services:
   archiver-timescale:
     image: timescaledb
@@ -14,13 +10,11 @@ services:
       - control
     ports:
       - "5432:5432/tcp"
-    secrets:
-      - source: pg_password
-        target: POSTGRES_PASSWORD
     depends_on:
       - databaseds
     environment:
-      - POSTGRES_PASSWORD_FILE= '/run/secrets/db_password'
+      - POSTGRES_PASSWORD=${PG_SUPERUSER_PASSWORD}
+      - PG_HDB_PASSWORD=${PG_HDB_PASSWORD}
       - TANGO_HOST=${TANGO_HOST}
     logging:
       driver: syslog

docker-compose/timescaledb/Dockerfile

 FROM timescale/timescaledb:latest-pg12
 
 
-COPY resources/01_admin.sql docker-entrypoint-initdb.d/002_admin.sql
+COPY resources/01_admin.sh docker-entrypoint-initdb.d/002_admin.sh
 COPY resources/02_hdb_schema.sql docker-entrypoint-initdb.d/003_hdb_schema.sql
 COPY resources/03_hdb_roles.sql docker-entrypoint-initdb.d/004_hdb_roles.sql
 COPY resources/04_hdb_ext_aggregates.sql docker-entrypoint-initdb.d/005_hdb_ext_aggregates.sql

docker-compose/timescaledb/resources/01_admin.sql → docker-compose/timescaledb/resources/01_admin.sh

-CREATE ROLE hdb_admin WITH LOGIN PASSWORD 'hdbpp';
+#!/bin/bash
+
+psql << EOF
+CREATE ROLE hdb_admin WITH LOGIN PASSWORD '${PG_HDB_PASSWORD}';
 ALTER USER hdb_admin CREATEDB;
 ALTER USER hdb_admin CREATEROLE;
 ALTER USER hdb_admin SUPERUSER;
+EOF