From 968733190275049f452da525db14fdb955d22b4c Mon Sep 17 00:00:00 2001
From: Robert Drake <rfdrake@users.noreply.github.com>
Date: Mon, 6 Oct 2025 11:45:35 -0400
Subject: [PATCH] Remove all hardcoded passwords from the example

---
 Monitoring.md | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/Monitoring.md b/Monitoring.md
index b31a88a..3625c4f 100644
--- a/Monitoring.md
+++ b/Monitoring.md
@@ -32,10 +32,11 @@ services:
     image: wrouesnel/postgres_exporter:v0.8.0
     depends_on:
     - postgres
+    env_file: env/postgres.env
     environment:
       DATA_SOURCE_URI: postgres?sslmode=disable
-      DATA_SOURCE_USER: netbox
-      DATA_SOURCE_PASS: J5brHrAXFLQSif0K
+      DATA_SOURCE_USER: $${POSTGRES_USER}
+      DATA_SOURCE_PASS: $${POSTGRES_PASSWORD}
       PG_EXPORTER_AUTO_DISCOVER_DATABASES: 'true'
 
   # redis
@@ -43,16 +44,16 @@ services:
     image: oliver006/redis_exporter
     depends_on:
     - redis
+    env_file: env/redis.env
     environment:
       REDIS_ADDR: redis://redis:6379
-      REDIS_PASSWORD: H733Kdjndks81
   redis-cache-exporter:
     image: oliver006/redis_exporter
     depends_on:
     - redis-cache
+    env_file: env/redis-cache.env
     environment:
       REDIS_ADDR: redis://redis-cache:6379
-      REDIS_PASSWORD: t4Ph722qJ5QHeQ1qfu36
 
   # prometheus
   prometheus:
@@ -73,10 +74,9 @@ services:
     image: grafana/grafana:latest
     depends_on:
     - prometheus
+    env_file: env/grafana.env
     environment:
       GF_SECURITY_ADMIN_USER: admin
-      GF_SECURITY_ADMIN_PASSWORD: admin
-      GF_SECURITY_SECRET_KEY: oew5RCBGGBba0MdsEKrj
       GF_METRICS_ENABLED: 'true'
     ports:
     - '3000:3000'
@@ -120,7 +120,12 @@ scrape_configs:
   - targets: ['grafana:3000']
 ```
 
-Then run `docker-compose up`.
+Finally, create env/grafana.env.  You will need to know the ADMIN PASSWORD to login to grafana, but it will be changed on first login.
+
+    echo "GF_SECURITY_SECRET_KEY=$(openssl rand -base64 32)" > env/grafana.env
+    echo "GF_SECURITY_ADMIN_PASSWORD=$(openssl rand -hex 5)" | tee -a env/grafana.env
+
+Then run `docker compose up`.
 
 ## Prometheus
 
@@ -132,7 +137,7 @@ You can access [Prometheus on port 9090](http://localhost:9090).
 Grafana provides visualization of the data, which can be composed into dashboard.
 To fetch the data it talks directly to the Prometheus service.
 You can access [Grafana on port 3000](http://localhost:3000).
-The default credentials are `admin:admin`.
+The default credentials are `admin` and what was configured in the GF_SECURITY_ADMIN_PASSWORD environment variable in env/grafana.env.
 
 You will find several user-made [dashboards on the Grafana page](https://grafana.com/grafana/dashboards?dataSource=prometheus) which are easy to import using the Grafana Dashboard ID.
 There are already dashboard for Nginx, PostgreSQL, Redis, Prometheus and also Django (which is the framework on which NetBox is built).