fix(07): replace minioadmin placeholder creds and add worker->web migration gate

2026-05-15 18:46:30 +02:00 · 2026-05-15 18:46:30 +02:00 · 5fc4705bd3
commit 5fc4705bd3
parent c8bce7669f
2 changed files with 8 additions and 4 deletions
--- a/backend/.env.example
+++ b/backend/.env.example
@ -33,11 +33,11 @@ S3_BUCKET=xtablo-dev
 # S3 region. Cloudflare R2 accepts "auto" or a standard region token; "us-east-1" is safe default.
 S3_REGION=us-east-1
-# S3 access key (MinIO dev default: minioadmin).
+# S3 access key. Dev (MinIO default): minioadmin — CHANGE for production R2.
-S3_ACCESS_KEY=minioadmin
+S3_ACCESS_KEY=your-access-key-id
-# S3 secret key (MinIO dev default: minioadmin).
+# S3 secret key. Dev (MinIO default): minioadmin — CHANGE for production R2.
-S3_SECRET_KEY=minioadmin
+S3_SECRET_KEY=your-secret-access-key
 # Use path-style S3 URLs.
 # true  — for MinIO and other self-hosted S3 (path-style: http://host/bucket/key).
--- a/backend/docker-compose.prod.yaml
+++ b/backend/docker-compose.prod.yaml
@ -61,6 +61,10 @@ services:
    depends_on:
      postgres:
        condition: service_healthy
      web:
        # Ensures web starts first so goose.Up() runs before the worker connects.
        # restart: unless-stopped means the worker self-heals if it races anyway.
        condition: service_started
  # -------------------------------------------------------------------------
  # Caddy reverse proxy (D-04) — TLS termination via Let's Encrypt