Digital Money House uses a singleDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Gianluca-X/DigitalMoney/llms.txt
Use this file to discover all available pages before exploring further.
.env file at the repository root to supply secrets and connection strings to all eight Docker Compose services. When you run docker-compose up, Compose automatically reads this file and injects the variables into each container’s environment — no manual export statements or shell configuration required. The .env file is listed in .gitignore and is never committed to source control; you must create it locally before the first startup.
Creating the .env file
Create a file named.env in the repository root and populate it with the values below. The example values match the defaults used in development, but you must change the passwords and JWT secret before the stack is reachable from any network other than localhost.
All JDBC URLs used by running containers should reference the Docker service hostname
mysql (not localhost). Docker Compose resolves container hostnames via its internal DNS on the shared back_network bridge network, so localhost would point to each service’s own loopback interface rather than the MySQL container.Variables reference
| Variable | Service(s) | Description | Example Value |
|---|---|---|---|
MYSQL_ROOT_PASSWORD | mysql | Password for the MySQL root superuser. Used by the healthcheck (mysqladmin ping) and for initial database setup. | root |
MYSQL_PASSWORD | mysql / all services | Shared password for all three per-service MySQL users (auth_service_user, user_service_user, account_service_user). Created by init.sql and injected as SPRING_DATASOURCE_PASSWORD for each service. | nerea |
AUTH_DB_URL | auth-service | Full JDBC connection URL for the Auth Service database. Must use the mysql hostname when running inside Docker. | jdbc:mysql://mysql:3306/auth_service_db |
AUTH_DB_USERNAME | auth-service | MySQL username for the Auth Service database. Created by init.sql with GRANT ALL PRIVILEGES ON auth_service_db.*. | auth_service_user |
AUTH_DB_DATABASE | auth-service | Name of the Auth Service database. | auth_service_db |
USER_DB_URL | user-service | Full JDBC connection URL for the User Service database. | jdbc:mysql://mysql:3306/user_service_db |
USER_DB_USERNAME | user-service | MySQL username for the User Service database. Created by init.sql with GRANT ALL PRIVILEGES ON user_service_db.*. | user_service_user |
USER_DB_DATABASE | user-service | Name of the User Service database. | user_service_db |
ACCOUNT_DB_URL | accounts-service | Full JDBC connection URL for the Accounts Service database. | jdbc:mysql://mysql:3306/account_service_db |
ACCOUNT_DB_USERNAME | accounts-service | MySQL username for the Accounts Service database. Created by init.sql with GRANT ALL PRIVILEGES ON account_service_db.*. | account_service_user |
ACCOUNT_DB_DATABASE | mysql | Name of the default database that MySQL creates on first startup (MYSQL_DATABASE). Also used as the Accounts Service database name. | account_service_db |
EUREKA_CLIENT_SERVICEURL_DEFAULTZONE | All services | Full URL of the Eureka Server that services register with. Must use the eureka-server hostname when running inside Docker. | http://eureka-server:8761/eureka/ |
SPRING_PROFILES_ACTIVE | All services | Active Spring profile. Set to dev for local development. | dev |
JWT_SECRET | auth-service, accounts-service, gateway | Shared HMAC-SHA256 secret used to sign and verify JWT tokens. Must be identical across all three services. Must be at least 32 characters (256 bits) to satisfy the HS256 algorithm requirements. | mySuperUltraSecretKeyForJWTGeneration123456! |
How variables are injected
Docker Compose injects environment variables into containers in two ways, both declared indocker-compose.yml:
env_file — loads the entire .env file into the container environment, making every variable available to the Spring Boot application:
environment — maps specific .env variables to Spring Boot property names, overriding any values set in application.yml or application.properties:
SPRING_DATASOURCE_URL → spring.datasource.url, JWT_SECRET → jwt.secret, and so on.
Security guidelines
Follow these practices when configuring the stack for any shared or production-adjacent environment: Passwords — use randomly generated strings of at least 20 characters forMYSQL_ROOT_PASSWORD and MYSQL_PASSWORD. Tools like openssl rand -base64 20 generate suitable values.
JWT secret — the HS256 algorithm requires a minimum of 256 bits (32 bytes). Use a randomly generated secret of at least 64 characters to give yourself a comfortable margin. All three services that consume JWT_SECRET (auth-service, accounts-service, gateway) must share the exact same value, or token validation will fail.
Version control — confirm that .env is included in .gitignore and has never been committed. If it has been committed, rotate all secrets immediately and rewrite git history with git filter-branch or git-filter-repo.
Secret management — for production deployments, avoid using a flat .env file. Inject secrets using your platform’s native secret manager (AWS Secrets Manager, HashiCorp Vault, Kubernetes Secrets) and pass them as environment variables at runtime.
PostgreSQL migration branch
If you prefer PostgreSQL over MySQL, a migration branch is available:The PostgreSQL branch replaces the MySQL-specific variables above with PostgreSQL equivalents (e.g.,
POSTGRES_DB, POSTGRES_USER, POSTGRES_PASSWORD) and updates all JDBC URLs to use the postgresql driver scheme. The postgres_data volume declared in docker-compose.yml on main is reserved for use by this branch.