From 6a391050d32315b0868f3bb32d30be7dfcce9a46 Mon Sep 17 00:00:00 2001 From: Jeremy Dawes Date: Thu, 26 Jun 2025 19:09:36 +1000 Subject: [PATCH] chore: improve password strength in install script (#12878) (#12896) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary - Fixes #12878 - Increases PostgreSQL password generation from 16 to 32 bytes - Improves default security for new installations - Aligns with the password strength recommendation in the manual setup documentation ## Change Details Changed the password generation in `packages/twenty-docker/scripts/install.sh` from: ```bash echo "PG_DATABASE_PASSWORD=$(openssl rand -hex 16)" >> .env ``` to: ```bash echo "PG_DATABASE_PASSWORD=$(openssl rand -hex 32)" >> .env ``` This generates a 64-character hexadecimal password (32 bytes) instead of a 32-character one (16 bytes), providing significantly better security for PostgreSQL database passwords in new installations. --- 🤖 This fix was implemented using [Claude Code](https://claude.ai/code) by Jez (Jeremy Dawes) and Claude working together\! Thanks to the Twenty team for maintaining such a great project\! 🚀 Co-authored-by: Claude --- packages/twenty-docker/scripts/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/twenty-docker/scripts/install.sh b/packages/twenty-docker/scripts/install.sh index 320696d13..2ae7bb4e1 100755 --- a/packages/twenty-docker/scripts/install.sh +++ b/packages/twenty-docker/scripts/install.sh @@ -94,7 +94,7 @@ echo "# === Randomly generated secret ===" >> .env echo "APP_SECRET=$(openssl rand -base64 32)" >> .env echo "" >> .env -echo "PG_DATABASE_PASSWORD=$(openssl rand -hex 16)" >> .env +echo "PG_DATABASE_PASSWORD=$(openssl rand -hex 32)" >> .env echo -e "\t• .env configuration completed"
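Review bot: the changed `PG_DATABASE_PASSWORD` line, like the `APP_SECRET` line above it, appends a secret to `.env` with `>>`, and nothing in the visible context restricts that file's permissions, so the longer password gains little if `.env` ends up readable by other local users under the default umask. Consider setting `umask 077` before the first write to `.env`, or running `chmod 600 .env` once the file is complete. Because the writes use `>>`, it is also worth confirming that a second run of the script cannot leave two `PG_DATABASE_PASSWORD` entries in the file. Keeping `-hex` here rather than matching the `-base64` used for `APP_SECRET` is the right choice, since hex output has no `/`, `+` or `=` to escape if the password is ever placed in a connection URL; a one-line comment saying so would keep the two lines from being "harmonised" later. On the commit message: 16 random bytes is already 128 bits, so the practical benefit of this change is consistency with the manual setup documentation rather than resistance to guessing.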