Update compose.yaml to include .env file for environment variable injection, enhancing security and usability for the Versity S3 Gateway deployment. This change ensures that necessary environment variables are accessible within the container, improving the overall configuration process.

komodo/s3/versitygw/.env.sample

@@ -1,8 +1,12 @@
 # Versity S3 Gateway — root credentials for the flat-file IAM backend.
-# Copy to `.env` and set strong values before `docker compose up -d`.
+# Copy to `.env` in this directory (same folder as compose.yaml).
 # https://github.com/versity/versitygw/wiki/Quickstart
 #
-# Set either pair (same names as the Kubernetes Helm chart):
+# Komodo: use these exact names in Stack Environment — they are written to `.env`
+# on the host (default `env_file_path`). If you change `env_file_path` in the Stack,
+# update `env_file` in compose.yaml to match.
+#
+# Set either pair (Helm chart uses the *_ID / *_ACCESS_KEY names):
 #   ROOT_ACCESS_KEY + ROOT_SECRET_KEY
 #   ROOT_ACCESS_KEY_ID + ROOT_SECRET_ACCESS_KEY
 

komodo/s3/versitygw/compose.yaml

@@ -5,13 +5,13 @@ services:
     image: versity/versitygw:v1.3.1
     container_name: versitygw
     restart: unless-stopped
+    # Komodo writes Stack Environment to `.env` in the run directory; that file is
+    # not automatically injected into the container unless listed here (pass-through
+    # only sees the compose process env, not this file).
+    env_file:
+      - path: .env
+        required: false
     environment:
-      # Pass-through (no `${VAR}`): avoids empty interpolation when secrets are
-      # only in the deploy environment (e.g. Komodo) or not in `.env`.
-      - ROOT_ACCESS_KEY
-      - ROOT_SECRET_KEY
-      - ROOT_ACCESS_KEY_ID
-      - ROOT_SECRET_ACCESS_KEY
       # Matches Helm chart default; enables `/_/health` for probes.
       - VGW_HEALTH=/_/health
     ports: