Refactor Versity S3 Gateway configuration in README.md, .env.sample, and compose.yaml. Update README to clarify environment variable usage and adjust .env.sample for local setup instructions. Modify compose.yaml to utilize environment variable interpolation, ensuring proper credential handling and enhancing deployment security.

komodo/s3/versitygw/.env.sample

@@ -1,14 +1,14 @@
 # Versity S3 Gateway — root credentials for the flat-file IAM backend.
-# Copy to `.env` in this directory (same folder as compose.yaml).
 # https://github.com/versity/versitygw/wiki/Quickstart
 #
-# Komodo: use these exact names in Stack Environment — they are written to `.env`
-# on the host (default `env_file_path`). If you change `env_file_path` in the Stack,
-# update `env_file` in compose.yaml to match.
+# Local: copy to `.env` next to compose.yaml (or set `run_directory` to this folder
+# in Komodo) so `docker compose` can interpolate `${ROOT_ACCESS_KEY}` etc.
 #
-# Set either pair (Helm chart uses the *_ID / *_ACCESS_KEY names):
+# Komodo: Stack Environment is written to `<run_directory>/.env` and passed as
+# `--env-file` — that drives `${VAR}` in compose.yaml. Set **one** pair using exact
+# names (leave the other pair unset / empty):
 #   ROOT_ACCESS_KEY + ROOT_SECRET_KEY
-#   ROOT_ACCESS_KEY_ID + ROOT_SECRET_ACCESS_KEY
+#   ROOT_ACCESS_KEY_ID + ROOT_SECRET_ACCESS_KEY (Helm-style)
 
 ROOT_ACCESS_KEY=
 ROOT_SECRET_KEY=

komodo/s3/versitygw/compose.yaml

@@ -5,15 +5,18 @@ services:
     image: versity/versitygw:v1.3.1
     container_name: versitygw
     restart: unless-stopped
-    # Komodo writes Stack Environment to `.env` in the run directory; that file is
-    # not automatically injected into the container unless listed here (pass-through
-    # only sees the compose process env, not this file).
-    env_file:
-      - path: .env
-        required: false
+    # Credentials: use `${VAR}` so values come from the same env Komodo passes with
+    # `docker compose --env-file <run_directory>/.env` (see Komodo Stack docs).
+    # Do NOT use `env_file: .env` here: that path is resolved next to *this* compose
+    # file, while Komodo writes `.env` under `run_directory` — they often differ
+    # (e.g. run_directory = repo root, compose in komodo/s3/versitygw/).
     environment:
+      ROOT_ACCESS_KEY: ${ROOT_ACCESS_KEY}
+      ROOT_SECRET_KEY: ${ROOT_SECRET_KEY}
+      ROOT_ACCESS_KEY_ID: ${ROOT_ACCESS_KEY_ID}
+      ROOT_SECRET_ACCESS_KEY: ${ROOT_SECRET_ACCESS_KEY}
       # Matches Helm chart default; enables `/_/health` for probes.
-      - VGW_HEALTH=/_/health
+      VGW_HEALTH: /_/health
     ports:
       - "${VERSITYGW_PORT:-10000}:10000"
     volumes: