Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Gianluca-X/DigitalMoney/llms.txt

Use this file to discover all available pages before exploring further.

Digital Money House uses a single .env file at the repository root to supply secrets and connection strings to all eight Docker Compose services. When you run docker-compose up, Compose automatically reads this file and injects the variables into each container’s environment — no manual export statements or shell configuration required. The .env file is listed in .gitignore and is never committed to source control; you must create it locally before the first startup.

Creating the .env file

Create a file named .env in the repository root and populate it with the values below. The example values match the defaults used in development, but you must change the passwords and JWT secret before the stack is reachable from any network other than localhost.
# MySQL root credentials
MYSQL_ROOT_PASSWORD=root
MYSQL_PASSWORD=nerea

# Auth Service DB
AUTH_DB_URL=jdbc:mysql://mysql:3306/auth_service_db
AUTH_DB_USERNAME=auth_service_user
AUTH_DB_DATABASE=auth_service_db

# User Service DB
USER_DB_URL=jdbc:mysql://mysql:3306/user_service_db
USER_DB_USERNAME=user_service_user
USER_DB_DATABASE=user_service_db

# Account Service DB
ACCOUNT_DB_URL=jdbc:mysql://mysql:3306/account_service_db
ACCOUNT_DB_USERNAME=account_service_user
ACCOUNT_DB_DATABASE=account_service_db

# Eureka
EUREKA_CLIENT_SERVICEURL_DEFAULTZONE=http://eureka-server:8761/eureka/

# Spring Profiles
SPRING_PROFILES_ACTIVE=dev

# JWT
JWT_SECRET=mySuperUltraSecretKeyForJWTGeneration123456!
All JDBC URLs used by running containers should reference the Docker service hostname mysql (not localhost). Docker Compose resolves container hostnames via its internal DNS on the shared back_network bridge network, so localhost would point to each service’s own loopback interface rather than the MySQL container.

Variables reference

VariableService(s)DescriptionExample Value
MYSQL_ROOT_PASSWORDmysqlPassword for the MySQL root superuser. Used by the healthcheck (mysqladmin ping) and for initial database setup.root
MYSQL_PASSWORDmysql / all servicesShared password for all three per-service MySQL users (auth_service_user, user_service_user, account_service_user). Created by init.sql and injected as SPRING_DATASOURCE_PASSWORD for each service.nerea
AUTH_DB_URLauth-serviceFull JDBC connection URL for the Auth Service database. Must use the mysql hostname when running inside Docker.jdbc:mysql://mysql:3306/auth_service_db
AUTH_DB_USERNAMEauth-serviceMySQL username for the Auth Service database. Created by init.sql with GRANT ALL PRIVILEGES ON auth_service_db.*.auth_service_user
AUTH_DB_DATABASEauth-serviceName of the Auth Service database.auth_service_db
USER_DB_URLuser-serviceFull JDBC connection URL for the User Service database.jdbc:mysql://mysql:3306/user_service_db
USER_DB_USERNAMEuser-serviceMySQL username for the User Service database. Created by init.sql with GRANT ALL PRIVILEGES ON user_service_db.*.user_service_user
USER_DB_DATABASEuser-serviceName of the User Service database.user_service_db
ACCOUNT_DB_URLaccounts-serviceFull JDBC connection URL for the Accounts Service database.jdbc:mysql://mysql:3306/account_service_db
ACCOUNT_DB_USERNAMEaccounts-serviceMySQL username for the Accounts Service database. Created by init.sql with GRANT ALL PRIVILEGES ON account_service_db.*.account_service_user
ACCOUNT_DB_DATABASEmysqlName of the default database that MySQL creates on first startup (MYSQL_DATABASE). Also used as the Accounts Service database name.account_service_db
EUREKA_CLIENT_SERVICEURL_DEFAULTZONEAll servicesFull URL of the Eureka Server that services register with. Must use the eureka-server hostname when running inside Docker.http://eureka-server:8761/eureka/
SPRING_PROFILES_ACTIVEAll servicesActive Spring profile. Set to dev for local development.dev
JWT_SECRETauth-service, accounts-service, gatewayShared HMAC-SHA256 secret used to sign and verify JWT tokens. Must be identical across all three services. Must be at least 32 characters (256 bits) to satisfy the HS256 algorithm requirements.mySuperUltraSecretKeyForJWTGeneration123456!

How variables are injected

Docker Compose injects environment variables into containers in two ways, both declared in docker-compose.yml: env_file — loads the entire .env file into the container environment, making every variable available to the Spring Boot application:
env_file:
  - .env
environment — maps specific .env variables to Spring Boot property names, overriding any values set in application.yml or application.properties:
environment:
  - SPRING_DATASOURCE_URL=${AUTH_DB_URL}
  - SPRING_DATASOURCE_USERNAME=${AUTH_DB_USERNAME}
  - SPRING_DATASOURCE_PASSWORD=${MYSQL_PASSWORD}
  - SPRING_DATASOURCE_DRIVER_CLASS_NAME=com.mysql.cj.jdbc.Driver
  - SPRING_JPA_DATABASE_PLATFORM=org.hibernate.dialect.MySQLDialect
  - JWT_SECRET=${JWT_SECRET}
Spring Boot’s relaxed binding maps SPRING_DATASOURCE_URLspring.datasource.url, JWT_SECRETjwt.secret, and so on.

Security guidelines

The default values in the sample .env above — including MYSQL_ROOT_PASSWORD=root, MYSQL_PASSWORD=nerea, and the example JWT_SECRET — are publicly known because they appear in the repository’s committed .env file. You must replace all of them before exposing any service port to a network, even on a private development machine.
Follow these practices when configuring the stack for any shared or production-adjacent environment: Passwords — use randomly generated strings of at least 20 characters for MYSQL_ROOT_PASSWORD and MYSQL_PASSWORD. Tools like openssl rand -base64 20 generate suitable values. JWT secret — the HS256 algorithm requires a minimum of 256 bits (32 bytes). Use a randomly generated secret of at least 64 characters to give yourself a comfortable margin. All three services that consume JWT_SECRET (auth-service, accounts-service, gateway) must share the exact same value, or token validation will fail. Version control — confirm that .env is included in .gitignore and has never been committed. If it has been committed, rotate all secrets immediately and rewrite git history with git filter-branch or git-filter-repo. Secret management — for production deployments, avoid using a flat .env file. Inject secrets using your platform’s native secret manager (AWS Secrets Manager, HashiCorp Vault, Kubernetes Secrets) and pass them as environment variables at runtime.

PostgreSQL migration branch

If you prefer PostgreSQL over MySQL, a migration branch is available:
git checkout feature/migrate-to-postgresql
The PostgreSQL branch replaces the MySQL-specific variables above with PostgreSQL equivalents (e.g., POSTGRES_DB, POSTGRES_USER, POSTGRES_PASSWORD) and updates all JDBC URLs to use the postgresql driver scheme. The postgres_data volume declared in docker-compose.yml on main is reserved for use by this branch.

Build docs developers (and LLMs) love