@paarthbhatt

Using the docker compose setup fails locally because SECRET_KEY and ALTCHA_HMAC_KEY are missing from docker.env.
This PR adds default values ("secret") to docker.env to ensure the local docker environment starts correctly out of the box.

Note: Line ending fixes are being handled in separate PR #2114.

Copilot AI review requested due to automatic review settings January 24, 2026 15:49
@paarthbhatt paarthbhatt force-pushed the fix-docker-env-secrets branch from 2fca192 to d98177b Compare January 24, 2026 15:52

Copilot AI left a comment

Pull request overview

This PR addresses a critical issue where the Docker Compose setup fails locally due to missing required environment variables SECRET_KEY and ALTCHA_HMAC_KEY in the docker.env file. The PR adds these variables with default values of "secret" to enable the Docker environment to start successfully out of the box.

Changes:

  • Added SECRET_KEY=secret to docker.env
  • Added ALTCHA_HMAC_KEY=secret to docker.env

docker.env Outdated
Comment on lines 9 to 10
SECRET_KEY=secret
ALTCHA_HMAC_KEY=secret
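
Review bot: lines 9 to 10 give SECRET_KEY and ALTCHA_HMAC_KEY the same literal value "secret", so the two keys are neither independent of each other nor unpredictable, and anything signed with either one carries no integrity guarantee if this file is ever reused outside local development. Suggest two distinct values that are visibly development-only, with a comment directly above them saying both must be regenerated for any non-local deployment.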

Copilot AI Jan 24, 2026

The docker.env file now contains security-sensitive default values (SECRET_KEY and ALTCHA_HMAC_KEY) but lacks a warning comment about not using these values in production. The SECRET_KEY is critical for Django's cryptographic signing and session management. Consider adding a comment at the top of the file warning users to generate proper secret keys for production use, similar to the SECURITY WARNING comments in vulnerablecode/settings.py. This would help prevent accidental use of weak default values in production environments.

Also added a security warning comment to avoid using default credentials in production.

Signed-off-by: Parth Bhatt <paarthbhatt37@gmail.com>
@paarthbhatt paarthbhatt force-pushed the fix-docker-env-secrets branch from 64848a2 to 266e300 Compare January 24, 2026 16:00
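
One way to back the warning comment discussed in this thread with an automated check, as an added example that is not part of the PR or the project's code: audit a docker.env-style file for the two keys this PR sets before a non-local deployment. The placeholder list, the 32-character floor and all function names are assumptions made for this illustration.

```python
import secrets

# Key names come from the PR; the placeholder list and length floor are
# assumptions chosen for this example.
SENSITIVE_KEYS = ("SECRET_KEY", "ALTCHA_HMAC_KEY")
KNOWN_PLACEHOLDERS = {"secret", "changeme", "password", "default"}
MIN_LENGTH = 32

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("'\"")
    return values

def audit_env(text):
    """Return {key: [problems]} for sensitive keys that are missing or weak."""
    values = parse_env(text)
    findings = {}
    for key in SENSITIVE_KEYS:
        value = values.get(key)
        problems = []
        if not value:
            problems.append("missing or empty")
        else:
            if value.lower() in KNOWN_PLACEHOLDERS:
                problems.append("known placeholder value")
            if len(value) < MIN_LENGTH:
                problems.append("shorter than %d characters" % MIN_LENGTH)
            if any(values.get(k) == value for k in SENSITIVE_KEYS if k != key):
                problems.append("value reused for another key")
        if problems:
            findings[key] = problems
    return findings

def generate_env_lines():
    """Emit fresh, independent random values for each sensitive key."""
    return "\n".join("%s=%s" % (k, secrets.token_urlsafe(48)) for k in SENSITIVE_KEYS)

# Constructed sample: the two lines this PR adds to docker.env.
PR_SAMPLE = "SECRET_KEY=secret\nALTCHA_HMAC_KEY=secret\n"

if __name__ == "__main__":
    print(audit_env(PR_SAMPLE))             # both keys flagged
    print(audit_env(generate_env_lines()))  # no findings
```

Run against a deployment's env file in CI or at container start, a non-empty result is the signal to stop and regenerate the keys.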