Remove Weaviate password handling from configuration files and scripts

- Eliminated WEAVIATE_PASSWORD and WEAVIATE_PASSWORD_HASH from .env.example, Caddyfile, Docker Compose, and the secret generation script to enhance security by avoiding plaintext password exposure. - Updated related scripts to reflect the removal of Weaviate password management, ensuring a streamlined configuration.
2026-03-07 14:23:08 +00:00 · 2025-05-28 18:53:53 -06:00
parent 0529b7a420
commit 5ef17de012
5 changed files with 2 additions and 23 deletions
--- a/.env.example
+++ b/.env.example
@@ -73,7 +73,6 @@ POOLER_TENANT_ID=1000
 ############

 WEAVIATE_USERNAME=
-WEAVIATE_PASSWORD=
 WEAVIATE_API_KEY=


@@ -269,5 +268,4 @@ LETTA_SERVER_PASSWORD=
 ###########################################################################################
 COMPOSE_PROFILES="n8n"
 PROMETHEUS_PASSWORD_HASH=
-SEARXNG_PASSWORD_HASH=
-WEAVIATE_PASSWORD_HASH=
+SEARXNG_PASSWORD_HASH=
--- a/3
+++ b/3
@@ -50,9 +50,6 @@

 # Weaviate
 {$WEAVIATE_HOSTNAME} {
-    basic_auth {
-        {$WEAVIATE_USERNAME} {$WEAVIATE_PASSWORD_HASH}
-    }
    reverse_proxy weaviate:8080
 }

--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -194,7 +194,6 @@ services:
      - LANGFUSE_HOSTNAME=${LANGFUSE_HOSTNAME}
      - WEAVIATE_HOSTNAME=${WEAVIATE_HOSTNAME}
      - WEAVIATE_USERNAME=${WEAVIATE_USERNAME}
-      - WEAVIATE_PASSWORD_HASH=${WEAVIATE_PASSWORD_HASH}
      - NEO4J_HOSTNAME=${NEO4J_HOSTNAME}
      - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL:-internal}
      - PROMETHEUS_HOSTNAME=${PROMETHEUS_HOSTNAME}
--- a/scripts/03_generate_secrets.sh
+++ b/scripts/03_generate_secrets.sh
@@ -45,7 +45,6 @@ declare -A VARS_TO_GENERATE=(
    ["LANGFUSE_INIT_USER_PASSWORD"]="password:32"
    ["LANGFUSE_INIT_PROJECT_PUBLIC_KEY"]="langfuse_pk:32"
    ["LANGFUSE_INIT_PROJECT_SECRET_KEY"]="langfuse_sk:32"
-    ["WEAVIATE_PASSWORD"]="password:32" # Password for Caddy basic auth
    ["WEAVIATE_API_KEY"]="secret:48" # API Key for Weaviate service (36 bytes -> 48 chars base64)
    ["NEO4J_AUTH_PASSWORD"]="password:32" # Added Neo4j password
    ["NEO4J_AUTH_USERNAME"]="fixed:neo4j" # Added Neo4j username
@@ -625,7 +624,6 @@ done
 # Hash passwords using caddy with bcrypt
 PROMETHEUS_PLAIN_PASS="${generated_values["PROMETHEUS_PASSWORD"]}"
 SEARXNG_PLAIN_PASS="${generated_values["SEARXNG_PASSWORD"]}"
-WEAVIATE_PLAIN_PASS="${generated_values["WEAVIATE_PASSWORD"]}"

 # --- PROMETHEUS ---
 # Try to get existing hash from memory (populated from .env if it was there)
@@ -654,18 +652,6 @@ if [[ -z "$FINAL_SEARXNG_HASH" && -n "$SEARXNG_PLAIN_PASS" ]]; then
 fi
 _update_or_add_env_var "SEARXNG_PASSWORD_HASH" "$FINAL_SEARXNG_HASH"

-# --- WEAVIATE ---
-FINAL_WEAVIATE_HASH="${generated_values[WEAVIATE_PASSWORD_HASH]}"
-
-if [[ -z "$FINAL_WEAVIATE_HASH" && -n "$WEAVIATE_PLAIN_PASS" ]]; then
-    NEW_HASH=$(_generate_and_get_hash "$WEAVIATE_PLAIN_PASS")
-    if [[ -n "$NEW_HASH" ]]; then
-        FINAL_WEAVIATE_HASH="$NEW_HASH"
-        generated_values["WEAVIATE_PASSWORD_HASH"]="$NEW_HASH"
-    fi
-fi
-_update_or_add_env_var "WEAVIATE_PASSWORD_HASH" "$FINAL_WEAVIATE_HASH"
-

 if [ $? -eq 0 ]; then # This $? reflects the status of the last mv command from the last _update_or_add_env_var call.
    # For now, assuming if we reached here and mv was fine, primary operations were okay.
--- a/scripts/06_final_report.sh
+++ b/scripts/06_final_report.sh
@@ -161,8 +161,7 @@ if is_profile_active "weaviate"; then
  echo "================================= Weaviate ============================"
  echo
  echo "Host: ${WEAVIATE_HOSTNAME:-<hostname_not_set>}"
-  echo "User: ${WEAVIATE_USERNAME:-<not_set_in_env>}"
-  echo "Password: ${WEAVIATE_PASSWORD:-<not_set_in_env>}"
+  echo "Admin User (for Weaviate RBAC): ${WEAVIATE_USERNAME:-<not_set_in_env>}"
  echo "Weaviate API Key: ${WEAVIATE_API_KEY:-<not_set_in_env>}"
 fi