Make sure this PostgreSQL database password gets changed and removed

from the code

development/README.md

@@ -53,7 +53,7 @@ docker-compose exec api-manager-web bash
 docker-compose exec api-manager-web bash -c 'cd apimanager && python manage.py shell'
 
 # Database shell
-docker-compose exec api-manager-db psql -U apimanager -d apimanager
+docker-compose exec api-manager-db psql -U ${POSTGRES_USER:-apimanager} -d ${POSTGRES_DB:-apimanager}
 
 # Stop services
 docker-compose down
@@ -66,18 +66,31 @@ The setup uses environment variables defined in `.env`:
 - `OAUTH_CONSUMER_KEY` - OAuth consumer key from OBP API
 - `OAUTH_CONSUMER_SECRET` - OAuth consumer secret from OBP API  
 - `API_HOST` - OBP API server URL (default: http://host.docker.internal:8080)
+- `POSTGRES_PASSWORD` - Database password (IMPORTANT: Change from default!)
+- `POSTGRES_USER` - Database username (default: apimanager)
+- `POSTGRES_DB` - Database name (default: apimanager)
+
+### 🔒 Security Note
+
+**IMPORTANT**: The default database password is `CHANGE_THIS_PASSWORD` and must be changed before deployment. Set a strong password in your `.env` file:
+
+```bash
+POSTGRES_PASSWORD=your_secure_password_here
+```
 
 ## Testing OAuth Integration
 
-1. Ensure OBP API is running on http://127.0.0.1:8080/ (accessible as host.docker.internal:8080 from containers)
-2. Start the development environment
-3. Navigate to http://localhost:8000
-4. Click "Proceed to authentication server" to test OAuth flow
+1. **First, set a secure database password** in your `.env` file
+2. Ensure OBP API is running on http://127.0.0.1:8080/ (accessible as host.docker.internal:8080 from containers)
+3. Start the development environment
+4. Navigate to http://localhost:8000
+5. Click "Proceed to authentication server" to test OAuth flow
 
 ## Troubleshooting
 
 - **Port conflicts**: Database uses port 5434 to avoid conflicts
 - **OAuth errors**: Verify OAUTH_CONSUMER_KEY and OAUTH_CONSUMER_SECRET in .env
+- **Database connection errors**: Ensure POSTGRES_PASSWORD is set in .env and matches between services
 - **Connection refused to OBP API**: The setup uses `host.docker.internal:8080` to reach the host machine's OBP API from containers
 - **Static files missing**: Restart containers with `docker-compose down && docker-compose up -d`
 

development/dev-setup.sh

@@ -49,6 +49,17 @@ if [ ! -f .env ]; then
     echo "❌ .env file not found. Please run this script from the development directory."
     exit 1
 fi
+
+# Check database password security
+if [ "$POSTGRES_PASSWORD" = "CHANGE_THIS_PASSWORD" ] || [ -z "$POSTGRES_PASSWORD" ]; then
+    echo "🔒 SECURITY WARNING: Database password not properly set!"
+    echo "   Please update POSTGRES_PASSWORD in .env file with a secure password"
+    echo "   The default password 'CHANGE_THIS_PASSWORD' should not be used"
+    echo ""
+else
+    echo "✅ Database password configured"
+fi
+
 if [ "$OAUTH_CONSUMER_KEY" = "your-oauth-consumer-key" ] || [ "$OAUTH_CONSUMER_SECRET" = "your-oauth-consumer-secret" ] || [ -z "$OAUTH_CONSUMER_KEY" ] || [ -z "$OAUTH_CONSUMER_SECRET" ]; then
     echo "⚠️  WARNING: OAuth credentials not properly set!"
     echo "   Please update OAUTH_CONSUMER_KEY and OAUTH_CONSUMER_SECRET in .env file"
@@ -91,7 +102,7 @@ if docker-compose ps | grep -q "Up"; then
     echo "   - View logs: docker-compose logs api-manager-web"
     echo "   - Access shell: docker-compose exec api-manager-web bash"
     echo "   - Django shell: docker-compose exec api-manager-web bash -c 'cd apimanager && python manage.py shell'"
-    echo "   - Database shell: docker-compose exec api-manager-db psql -U apimanager -d apimanager"
+    echo "   - Database shell: docker-compose exec api-manager-db psql -U \${POSTGRES_USER:-apimanager} -d \${POSTGRES_DB:-apimanager}"
     echo ""
 
     # Test if the application is responding

development/docker-compose.yml

@@ -11,7 +11,7 @@ services:
       - ..:/app
       - ../logs:/app/logs
     environment:
-      - DATABASE_URL=postgresql://apimanager:apimanager@127.0.0.1:5434/apimanager
+      - DATABASE_URL=postgresql://${POSTGRES_USER:-apimanager}:${POSTGRES_PASSWORD:-CHANGE_THIS_PASSWORD}@127.0.0.1:5434/${POSTGRES_DB:-apimanager}
       - API_HOST=http://127.0.0.1:8080
       - CALLBACK_BASE_URL=http://127.0.0.1:8000
       - ALLOW_DIRECT_LOGIN=True
@@ -27,7 +27,7 @@ services:
     environment:
       - POSTGRES_DB=${POSTGRES_DB:-apimanager}
       - POSTGRES_USER=${POSTGRES_USER:-apimanager}
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-apimanager}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-CHANGE_THIS_PASSWORD}
     volumes:
       - api_manager_postgres_data:/var/lib/postgresql/data
     ports:

development/docker-entrypoint-dev.sh

@@ -7,7 +7,8 @@ set -e
 
 # Wait for database to be ready
 echo "Waiting for database to be ready..."
-while ! pg_isready -h 127.0.0.1 -p 5434 -U apimanager -q; do
+DB_USER=${POSTGRES_USER:-apimanager}
+while ! pg_isready -h 127.0.0.1 -p 5434 -U "$DB_USER" -q; do
   echo "Database is unavailable - sleeping"
   sleep 2
 done