From 54dd6b4f2d806d7f5842e011c031108421ec4a46 Mon Sep 17 00:00:00 2001
From: 0xVox <fearvox1015@gmail.com>
Date: Tue, 2 Jun 2026 17:16:07 -0700
Subject: [PATCH] fix(EverCore): require MinIO credentials from environment
 (CWE-798)

docker-compose.yaml hardcoded minioadmin/minioadmin for the Milvus
MinIO object store (CWE-798: Use of Hard-coded Credentials). Replace
the literals with ${MINIO_ACCESS_KEY:?...} / ${MINIO_SECRET_KEY:?...}
so the values are sourced from the environment and compose fails loudly
when they are unset. Document the new variables in env.template.

Adopts upstream EverMind-AI/EverOS PR #206.

Verified locally with `docker-compose config`:
- unset: errors "required variable MINIO_ACCESS_KEY is missing a value"
- set:   resolves to the provided env values

Co-authored-by: Sebastion <sebastion@sebastion.dev>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 methods/EverCore/docker-compose.yaml | 4 ++--
 methods/EverCore/env.template        | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/methods/EverCore/docker-compose.yaml b/methods/EverCore/docker-compose.yaml
index 29407030..74d0f6a2 100644
--- a/methods/EverCore/docker-compose.yaml
+++ b/methods/EverCore/docker-compose.yaml
@@ -78,8 +78,8 @@ services:
     container_name: memsys-milvus-minio
     restart: unless-stopped
     environment:
-      MINIO_ACCESS_KEY: minioadmin
-      MINIO_SECRET_KEY: minioadmin
+      MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:?Set MINIO_ACCESS_KEY in your .env file}
+      MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:?Set MINIO_SECRET_KEY in your .env file}
     ports:
       - "9001:9001"
       - "9000:9000"
diff --git a/methods/EverCore/env.template b/methods/EverCore/env.template
index c9495b77..c92fde20 100755
--- a/methods/EverCore/env.template
+++ b/methods/EverCore/env.template
@@ -185,6 +185,11 @@ ES_VERIFY_CERTS=false
 MILVUS_HOST=localhost
 MILVUS_PORT=19530
 
+# MinIO credentials used by Milvus object storage.
+# Change these before running docker compose; docker-compose.yaml requires them.
+MINIO_ACCESS_KEY=change-me-minio-access-key
+MINIO_SECRET_KEY=change-me-minio-secret-key
+
 
 # ===================
 # API Server Configuration