security: move sensitive data to environment variables

.env.example

@@ -1,12 +1,7 @@
 # Database Configuration
-POSTGRES_USER=admin
+DATABASE_URL=postgresql://USER:PASSWORD@HOST:PORT/DATABASE?schema=occto
-POSTGRES_PASSWORD=adminpassword
-POSTGRES_DB=occto_db
-DATABASE_URL=postgresql://admin:adminpassword@postgres:5432/occto_db?schema=public
 
-# MinIO Configuration
+# MinIO / S3 Configuration
-MINIO_ROOT_USER=admin
-MINIO_ROOT_PASSWORD=adminpassword
 MINIO_ENDPOINT=minio
 MINIO_PORT=9000
 MINIO_USE_SSL=false
@@ -16,4 +11,6 @@ MINIO_BUCKET_NAME=occto-images
 
 # Application
 NODE_ENV=production
-JWT_SECRET=b33500bb3dc5504535c34cc5f79f4ca0f60994b093bded14d48f76c0c090f032234693219e60398cab053a9c55c1d426ef7b1768104db9040254ba7db452f708
+DOMAIN=localhost
+JWT_SECRET=generate_a_random_string_here
+LIBRETRANSLATE_URL=https://libretranslate.stackbyte.cloud

docker-compose.yml

@@ -12,16 +12,16 @@ services:
     environment:
       - NODE_ENV=${NODE_ENV:-production}
       # Conexão com o banco centralizado (Postgres unificado)
-      - DATABASE_URL=postgresql://bd-user:O1vLMhy9yZ7ZdSsX9ZqK@banco-de-dados-postgress-slcggn:5432/bd-geral?schema=occto
+      - DATABASE_URL=${DATABASE_URL}
       # Configurações de Mídias (S3)
-      - MINIO_ENDPOINT=${MINIO_ENDPOINT:-minio}
+      - MINIO_ENDPOINT=${MINIO_ENDPOINT}
       - MINIO_PORT=${MINIO_PORT:-9000}
       - MINIO_USE_SSL=${MINIO_USE_SSL:-false}
-      - MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY:-admin}
+      - MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY}
-      - MINIO_SECRET_KEY=${MINIO_SECRET_KEY:-adminpassword}
+      - MINIO_SECRET_KEY=${MINIO_SECRET_KEY}
       - MINIO_BUCKET_NAME=${MINIO_BUCKET_NAME:-occto-images}
       # Segurança e Outros
-      - JWT_SECRET=${JWT_SECRET:-b33500bb3dc5504535c34cc5f79f4ca0f60994b093bded14d48f76c0c090f032234693219e60398cab053a9c55c1d426ef7b1768104db9040254ba7db452f708}
+      - JWT_SECRET=${JWT_SECRET}
       - LIBRETRANSLATE_URL=${LIBRETRANSLATE_URL:-https://libretranslate.stackbyte.cloud}
     labels:
       - "traefik.enable=true"
@@ -42,6 +42,5 @@ networks:
   dokploy-network:
     external: true
 
-# Volumes do Postgres local foram removidos já que o banco agora é externo.
 volumes:
   minio_data:

env.migration.txt

@@ -0,0 +1,18 @@
+# Database Configuration (Novo Servidor Unificado)
+# Use o schema=occto para manter o isolamento
+DATABASE_URL=postgresql://bd-user:O1vLMhy9yZ7ZdSsX9ZqK@banco-de-dados-postgress-slcggn:5432/bd-geral?schema=occto
+
+# MinIO / S3 Configuration
+# Mantenha os valores originais ou atualize para o novo S3 unificado
+MINIO_ENDPOINT=minio
+MINIO_PORT=9000
+MINIO_USE_SSL=false
+MINIO_ACCESS_KEY=admin
+MINIO_SECRET_KEY=adminpassword
+MINIO_BUCKET_NAME=occto-images
+
+# Application
+NODE_ENV=production
+DOMAIN=seu-dominio.com.br
+JWT_SECRET=b33500bb3dc5504535c34cc5f79f4ca0f60994b093bded14d48f76c0c090f032234693219e60398cab053a9c55c1d426ef7b1768104db9040254ba7db452f708
+LIBRETRANSLATE_URL=https://libretranslate.stackbyte.cloud