From 72dbd0189c16aaa81e938cceb043d76fa21cd489 Mon Sep 17 00:00:00 2001
From: bunker-admin <admin@thebunkerops.ca>
Date: Thu, 9 Apr 2026 09:26:51 -0600
Subject: [PATCH] Pass GITEA_SSO_SECRET and SERVICE_PASSWORD_SALT to API
 container

These env vars were defined in .env but never mapped into the API
container's environment block, causing silent fallback to
JWT_ACCESS_SECRET and security warnings on startup.

Bunker Admin
---
 docker-compose.prod.yml | 2 ++
 docker-compose.yml      | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 5bd90fa7..ca951ade 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -40,6 +40,8 @@ services:
       - JWT_ACCESS_SECRET=${JWT_ACCESS_SECRET}
       - JWT_REFRESH_SECRET=${JWT_REFRESH_SECRET}
       - JWT_INVITE_SECRET=${JWT_INVITE_SECRET}
+      - GITEA_SSO_SECRET=${GITEA_SSO_SECRET:-}
+      - SERVICE_PASSWORD_SALT=${SERVICE_PASSWORD_SALT:-}
       - JWT_ACCESS_EXPIRY=${JWT_ACCESS_EXPIRY:-15m}
       - JWT_REFRESH_EXPIRY=${JWT_REFRESH_EXPIRY:-7d}
       - ENCRYPTION_KEY=${ENCRYPTION_KEY}
diff --git a/docker-compose.yml b/docker-compose.yml
index 109e9ea0..4f157a5f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -39,6 +39,8 @@ services:
       - JWT_ACCESS_SECRET=${JWT_ACCESS_SECRET}
       - JWT_REFRESH_SECRET=${JWT_REFRESH_SECRET}
       - JWT_INVITE_SECRET=${JWT_INVITE_SECRET}
+      - GITEA_SSO_SECRET=${GITEA_SSO_SECRET:-}
+      - SERVICE_PASSWORD_SALT=${SERVICE_PASSWORD_SALT:-}
       - JWT_ACCESS_EXPIRY=${JWT_ACCESS_EXPIRY:-15m}
       - JWT_REFRESH_EXPIRY=${JWT_REFRESH_EXPIRY:-7d}
       - ENCRYPTION_KEY=${ENCRYPTION_KEY}