I mean it is called “.env_example” afterall… Probably a env file to use for testing, no?
Comment on Trump team leaks AI plans in public GitHub repository
titey@jlai.lu 4 weeks ago
DB_PASS=“postgres” 😬😬😬
Nobilmantis@feddit.it 4 weeks ago
forgeddit@sopuli.xyz 4 weeks ago
I’m really shocked by the confidence people have here with clearly zero knowledge.
“.env_example” is literally just the example/template which is only updated if new “config” items are needed and it doesn’t contain actual secrets.
Developers copy “.env”/prod and “.env_local” files, which are used for the specific environments. These are in .gitignore so that they’re not accidentally pushed to .git.
For production the “.env” is generated during deployment from secrets in a locked up environment. (I mean they COULD fuck this up, but there’s no evidence of this AFAIK)
The example postgres password is simply a “hello world” type password that is often used when running a local docker image of the DB so you can get a full dev environment running in a couple minutes, as mentioned in the readme.md: github.com/gsa-tts-archived/ai-gov-api
It’s not even a testing environment, it’s a temporary local/dev DB just so you can test your code.
I am NOT defending this project, but holy shit this thread is full of misinformation and I had to correct this.
Jakeroxs@sh.itjust.works 4 weeks ago
Is this real lmao
ArtVandelay@lemmy.world 4 weeks ago
Unfortunately no, it seems. Somebody at least had the bare minimum sense to let GitHub generate the .gitignore for them, which includes most common environment files. github.com/gsa-tts-archived/ai.gov/…/.gitignore
forgeddit@sopuli.xyz 4 weeks ago
It’s from another repo and literally just an example env for an empty local docker DB: archive.softwareheritage.org/browse/…/directory/?…
Crozekiel@lemmy.zip 4 weeks ago
so, uh… can you ELI5 this for those of us that don’t know anything?
crookfingerjake@lemmy.world 4 weeks ago
The type of database they are using is called “postgres”, which is also it’s password.
SocialMediaRefugee@lemmy.world 4 weeks ago
They should’ve used “1234”
faythofdragons@slrpnk.net 4 weeks ago
That’s the combo on my luggage!
joyjoy@lemmy.zip 4 weeks ago
I will assume this is just the password they use in development. But they should probably be using pglite.
ohshit604@sh.itjust.works 4 weeks ago
Postgres, SQLite, etc are tools for database management, things like user data, application data and so on are collected here.
Take Reddit’s Karma system or Upvotes/Downvotes for example, they’re stored in a database and however Reddit wants to utilize that data Postgres makes it easy to call upon it.
I’m sure others can give more detailed responses.
theherk@lemmy.world 4 weeks ago
Interesting that you chose Reddit as an example. They have a fascinating origin story with respect to data mart. Early Reddit had just two tables: Thing and Data, where Thing was metadata about types and Data was a three column table with: type, id, and value.
Wrap your head around that. All of Reddit, two tables. A database couldn’t be less normalized (final boss of normal forms) and they did it in an rdb. So horrific it’s actually kind of cool.
ohshit604@sh.itjust.works 4 weeks ago
I was in a rush! Honestly it was the quickest thing I could come up with on the spot, plus database tools are something I lack a lot of knowledge about so I really couldn’t go in depth even if I wanted to.
Appreciate the history behind Reddit’s database!
lepinkainen@lemmy.world 4 weeks ago
It’s like having your password set to “password”
forgeddit@sopuli.xyz 4 weeks ago
The person you replied to doesn’t know what they’re talking about. It’s just an example password used for running a local empty DB for development and has nothing to do with production or even test databases.
You can see this in the readme: archive.softwareheritage.org/browse/…/directory/?…
See my longer previous comment if you want to know more. And again, not defending this project, but this whole comment chain was just misinformation.