Replace default PostgreSQL password

Any existing self-hosted tenants created before v11.0 (June 13 2022) would use a single randomized default password for PostgreSQL. From v11.0 onwards we ensure that each self-hosted tenant gets a unique and randomized set of credentials. You can rotate your PostgreSQL password by performing the following action against the .env file. Please note that you may also need to update the new password in any other parts of your deployment system(s), accordingly.

The Postgres database isn't accessible from outside of the Docker network by default.

DATABASE_NAME=$(cat .env | grep DATABASE_NAME= | cut -d'=' -f2)
DATABASE_USERNAME=$(cat .env | grep DATABASE_USERNAME= | cut -d'=' -f2)
OLD_PASSWORD=$(cat .env | grep DATABASE_PASSWORD= | cut -d'=' -f2)
NEW_PASSWORD=$(openssl rand -hex 12)

docker exec postgres psql -U "$DATABASE_USERNAME" -d "$DATABASE_NAME" -tAc "ALTER USER $DATABASE_USERNAME PASSWORD '$NEW_PASSWORD';"

sed -i.backup -e "s/$OLD_PASSWORD/$NEW_PASSWORD/" .env
if [ -f ".env" ]; then
  rm ".env.backup"
fi

sed -i.backup -e "s/$OLD_PASSWORD/$NEW_PASSWORD/" docker-compose.yml
if [ -f "docker-compose.yml.backup" ]; then
  rm "docker-compose.yml.backup"
fi