🔒 SECURITY: Remove .env from history, add .env.example, sanitize README

Made-with: Cursor

.env.example

@@ -0,0 +1,39 @@
+# ====== Environment Configuration Template ======
+# Copy to .env and fill in your values before first boot.
+
+NODE_ENV=production
+
+# Database
+POSTGRES_PASSWORD="your-secure-postgres-password"
+DB_NAME="phoenix"
+DB_HOST="phoenixDB"
+DB_PORT=5432
+DB_USERNAME="postgres"
+PHX_SYSTEM_CONNECTION_POOL_MAX=5
+PHX_WORKER_CONNECTION_POOL_MAX=2
+
+# pgAdmin (uses SUPER_ADMIN_USER_PASSWORD for default password)
+PGADMIN_DEFAULT_EMAIL="admin@yourdomain.com"
+
+# Mail server
+MAIL_SERVER="mail.yourdomain.com"
+MAIL_PORT=465
+MAIL_USERNAME="noreply@yourdomain.com"
+MAIL_PASSWORD="your-mail-password"
+SECURITY_EMAIL_SENDER="'No Reply <no-reply@yourdomain.com>'"
+
+# Phoenix ERP - used only on first boot
+SUPER_ADMIN_USER_PASSWORD=your-secure-password-here
+
+# Redis
+REDIS_PASSWORD="your-secure-redis-password"
+
+# Phoenix system
+PHOENIX_SYSTEM_REPLICAS=1
+PHX_HOST_NAME=
+CREDENTIAL_ENCRYPTION_KEY=your-32-char-encryption-key
+
+# Optional performance tuning
+# PERFORMANCE_STRUCTURED_LOGGING=false
+# PERFORMANCE_WARNING_THRESHOLD=100
+# PERFORMANCE_DETAILED_MEMORY=false

.gitignore

@@ -8,4 +8,6 @@ nginx
 redis
 pgadmin/data
 database_bkp
-volumes
+volumes
+.env
+.env.local.backup

README.md

@@ -39,10 +39,9 @@ SUPER_ADMIN_USER_PASSWORD=your-secure-password-here
 Example:
 ```bash
 NODE_ENV=production
-POSTGRES_PASSWORD="8*6&Ti3TJxN^"
+POSTGRES_PASSWORD="your-secure-postgres-password"
-PGADMIN_DEFAULT_EMAIL="info@phx-erp.de"
+PGADMIN_DEFAULT_EMAIL="admin@yourdomain.com"
-PGADMIN_DEFAULT_PASSWORD="8*6&Ti3TJxN^"
+SUPER_ADMIN_USER_PASSWORD=your-secure-password-here
-SUPER_ADMIN_USER_PASSWORD=123
 ```
 
 ⚠️ IMPORTANT: ONE-TIME SETTING ONLY
@@ -85,4 +84,4 @@ You can access log services like pgAdmin, Postgres, Phoenix ERP, and others afte
 | **Service**     | **URL**                        | **Credentials**                                    |
 |------------------|----------------------------------|----------------------------------------------------|
 | **Phoenix ERP**  | [http://HOST_IP](http://HOST_IP) | login: superadmin and password as configured in `.env` -> `SUPER_ADMIN_USER_PASSWORD`           |
-| **pgAdmin**      | [http://HOST_IP/pgadmin4/](http://HOST_IP/pgadmin4/) | Email: `info@phx-erp.de`  <br> Password: from `SUPER_ADMIN_USER_PASSWORD` |
+| **pgAdmin**      | [http://HOST_IP/pgadmin4/](http://HOST_IP/pgadmin4/) | Email: from `PGADMIN_DEFAULT_EMAIL`  <br> Password: from `SUPER_ADMIN_USER_PASSWORD` |