From 4af8afaecee5e485009d8d7680b3b244b8c8ed04 Mon Sep 17 00:00:00 2001
From: Finley Ghosh
Date: Sun, 23 Nov 2025 09:24:47 +1100
Subject: [PATCH] Moving secrets to a .env file for dockerfile
---
 .gitignore | 2 ++
 deploy/deploy-prod.sh | 15 ++++++++++++++-
 docker-compose.prod.yml | 6 ++++--
 3 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
index 706e6f17..9e146162 100755
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,8 @@ app/tmp/*
 *.tar.gz
 *.swp
 *.swo
+.env.prod
+.env.stg
 app/vendors/tcpdf/cache/*
 app/tests/*
 app/emails/*
diff --git a/deploy/deploy-prod.sh b/deploy/deploy-prod.sh
index b51b76c3..4e3cae76 100755
--- a/deploy/deploy-prod.sh
+++ b/deploy/deploy-prod.sh
@@ -41,7 +41,20 @@ ssh $SERVER \
 cd "$PROD_DIR"
 fi
- # Create .env file for go-app if it doesn't exist
+ # Create .env.prod file for docker-compose if it doesn't exist
+ COMPOSE_ENV_PATH="/home/cmc/$PROD_DIR/.env.prod"
+ if [ ! -f "$COMPOSE_ENV_PATH" ]; then
+ echo "Creating .env.prod file for docker-compose..."
+ cat > "$COMPOSE_ENV_PATH" <<'COMPOSEENVEOF'
+# SMTP Configuration for postfix relay
+SMTP_USERNAME=sales
+SMTP_PASSWORD=S%s'mMZ})MGsg$k!5N|mPSQ>
+COMPOSEENVEOF
+ else
+ echo ".env.prod already exists, skipping creation..."
+ fi
+
+ # Create .env file for go-app if it doesn't exist
 ENV_PATH="/home/cmc/$PROD_DIR/go-app/.env"
 echo "(Re)creating .env file for go-app..."
 cat > "$ENV_PATH" <<'ENVEOF'
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 373e4339..e9f33a43 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
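Review bot: The SMTP password is still committed in plaintext: the heredoc that writes `.env.prod` in deploy/deploy-prod.sh embeds the same literal this commit removes from docker-compose.prod.yml, so ignoring `.env.prod` in .gitignore does not take the secret out of the repository. Because the value is already in history it should be treated as exposed and rotated, with the replacement provisioned on the server out of band; the script would then only verify that the file exists and fail otherwise, as sketched below. The current `cat >` also creates the file under the default umask, so it may be readable by other local users, and mode 600 is the safer setting. The enclosing `ssh $SERVER` command starts before this hunk and the go-app heredoc continues past it, so how the remote script is quoted is not visible here.

```shell
    COMPOSE_ENV_PATH="/home/cmc/$PROD_DIR/.env.prod"
    # The file is provisioned out of band; the deploy only verifies it.
    if [ ! -f "$COMPOSE_ENV_PATH" ]; then
      echo "ERROR: $COMPOSE_ENV_PATH is missing; provision it on the server before deploying" >&2
      exit 1
    fi
    chmod 600 "$COMPOSE_ENV_PATH"
    # … unchanged: go-app .env creation …
```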
@@ -3,14 +3,16 @@ services:
 image: boky/postfix
 restart: unless-stopped
 container_name: cmc-prod-postfix
+ env_file:
+ - .env.prod
 # Production: relay to Gmail SMTP
 environment:
 - ALLOWED_SENDER_DOMAINS=cmctechnologies.com.au
 # Gmail SMTP relay settings
 - RELAYHOST=smtp-relay.gmail.com
 - RELAYHOST_PORT=587
- - SMTP_USERNAME=sales
- - SMTP_PASSWORD="S%s'mMZ})MGsg$k!5N|mPSQ>"
+ - SMTP_USERNAME=${SMTP_USERNAME}
+ - SMTP_PASSWORD=${SMTP_PASSWORD}
 - SMTP_TLS_SECURITY_LEVEL=encrypt
 - SMTP_USE_TLS=yes
 - SMTP_USE_STARTTLS=yes
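Review bot: The new `environment:` entries `SMTP_USERNAME=${SMTP_USERNAME}` and `SMTP_PASSWORD=${SMTP_PASSWORD}` are interpolated by Compose from the invoking shell or the project-level `.env` / `--env-file`, not from the service-level `env_file`, and `environment` values take precedence over `env_file`. Unless the deploy runs Compose with `--env-file .env.prod` or exports both variables (neither is visible in this patch), the two entries may resolve to empty strings and override what `.env.prod` supplies, leaving the relay without credentials. Dropping the two `environment` lines and letting `env_file: - .env.prod` provide them avoids that. The password also contains `$` and a quote character, so it is worth confirming after deployment that the container receives the value unchanged by env-file parsing.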