
Docker Compose template: Improve secrets handling and add script to trust development certificates #22613

Merged
Zeegaan merged 4 commits into main from v17/fix/generate-cert-password on Apr 28, 2026

Conversation

@nikolajlauridsen (Contributor) commented Apr 27, 2026

The self-signed certificate is now generated at container startup (on first run) rather than at image build time. This makes the .crt file available on the host via a ./certs bind mount, where trust-cert.sh / trust-cert.ps1 can install it into the OS trust store to eliminate browser HTTPS warnings.

The hardcoded DevOnlyPassword for the certificate has been replaced with a per-instance generated password, and the ImageSharp HMAC secret key is now also generated at template instantiation time and injected via environment variable — bypassing the install-time write to appsettings.json which fails in Docker containers.

Already tested locally.

Copilot AI review requested due to automatic review settings April 27, 2026 08:57
claude Bot commented Apr 27, 2026

Claude finished @nikolajlauridsen's task in 2m 3s


PR Review

Target: origin/main · Based on commit: 30114cf7 · Classified as: Config-only

Replaces the hardcoded DevOnlyPassword certificate password in the Docker template with a per-project randomly generated GUID, using the dotnet new template engine's built-in guid generator.

  • Other changes: Generated projects will now receive a unique, random certificate password in their .env file instead of a shared literal string. This only affects newly scaffolded projects — existing projects are unaffected.

Suggestions

  • templates/UmbracoProject/Dockerfile:39: $CERT_PASSWORD is unquoted in the shell command. For the "N" GUID format (only [0-9a-f] chars) this is safe, but quoting defensively is good practice in case the format changes: -password pass:"$CERT_PASSWORD".

  • templates/UmbracoProject/Dockerfile:20–40: Docker build ARG values are baked into the image layer history and visible via docker history --no-trunc. For a dev-only cert password this is entirely acceptable, but worth noting as a known Docker limitation for anyone who asks why the password is still "visible" after this change. The .pfx is already in the image regardless.


Approved

Clean, minimal change. Template replacement chain is correct: the "N" GUID format is shell-safe, the CERT_PASS_FROM_TEMPLATE placeholder is correctly threaded through .env → docker-compose.yml → Dockerfile, and the runtime Kestrel config and build-time cert creation both use the same value. Good call picking "N" (no hyphens, all hex) — it avoids any shell quoting issues with special characters.
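As an added example (not the Umbraco template's own entrypoint or trust scripts, and not code from either reviewer), the following shell functions show the two points raised above in working form: the certificate is generated on first run from inside the container rather than at image build time, so nothing secret is baked into a layer, and the PFX password is always passed quoted, so a password with characters outside [0-9a-f] would still be safe. The file names aspnetcore.pfx and aspnetcore.crt come from the review; the function names, the certs directory argument, the subjectAltName contents and the verify helper are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not part of the Umbraco template. Idempotent first-run
# generation of a self-signed development certificate. The .pfx is what
# Kestrel loads; the .crt is what a host-side trust script imports.
set -eu

# generate_dev_cert CERT_DIR PASSWORD [HOSTNAME]
# Creates CERT_DIR/aspnetcore.pfx and CERT_DIR/aspnetcore.crt unless the
# .pfx already exists. Returns 1 (and generates nothing) if PASSWORD is empty,
# so a missing CERT_PASSWORD variable fails loudly instead of producing an
# unprotected or empty-password PFX.
generate_dev_cert() {
  local cert_dir="$1" password="$2" host="${3:-localhost}"  # host name is an assumption
  if [ -z "$password" ]; then
    echo "CERT_PASSWORD must be set" >&2
    return 1
  fi
  mkdir -p "$cert_dir"
  if [ -f "$cert_dir/aspnetcore.pfx" ]; then
    echo "certificate already present, skipping generation"
    return 0
  fi
  # Self-signed leaf with a SAN entry: browsers ignore CN alone once the
  # cert is trusted, so the SAN is what makes https://localhost clean.
  openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes \
    -keyout "$cert_dir/aspnetcore.key" -out "$cert_dir/aspnetcore.crt" \
    -subj "/CN=$host" -addext "subjectAltName=DNS:$host,IP:127.0.0.1" \
    >/dev/null 2>&1
  # The password is quoted, as the review suggests: correct for the hex-only
  # "N" GUID format and still correct if the generator ever emits other chars.
  openssl pkcs12 -export -inkey "$cert_dir/aspnetcore.key" \
    -in "$cert_dir/aspnetcore.crt" -out "$cert_dir/aspnetcore.pfx" \
    -passout pass:"$password"
  # The private key now lives only inside the password-protected .pfx;
  # the bind-mounted directory exposes just the public .crt to the host.
  rm -f "$cert_dir/aspnetcore.key"
  chmod 600 "$cert_dir/aspnetcore.pfx"
}

# verify_pfx_password CERT_DIR PASSWORD
# Returns 0 only if the .pfx opens with PASSWORD (MAC check), so the
# entrypoint can confirm Kestrel will be able to load what was just written.
verify_pfx_password() {
  openssl pkcs12 -in "$1/aspnetcore.pfx" -nokeys -passin pass:"$2" >/dev/null 2>&1
}
```

In an entrypoint this would run as `generate_dev_cert /https "$CERT_PASSWORD" && verify_pfx_password /https "$CERT_PASSWORD"` before exec'ing the application, with `/https` bind-mounted to `./certs` on the host so the .crt can be imported into the OS trust store. Because the password reaches the container only through the environment at run time, `docker history` on the image no longer shows it, which is the limitation the review notes for the build-ARG approach.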

Copilot AI (Contributor) left a comment

Pull request overview

Updates the Docker Compose and Dockerfile templates to avoid a hard-coded dev certificate password by generating a per-project GUID-based password at template creation time and wiring it through the build/runtime configuration.

Changes:

  • Introduce a CERT_PASSWORD build-arg in the project Dockerfile and use it when exporting the generated aspnetcore.pfx.
  • Pass CERT_PASSWORD into the image build via docker-compose.yml and use it at runtime for Kestrel certificate loading.
  • Generate a GUID-based CERT_PASSWORD in the compose template and populate it into the generated .env.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File Description
templates/UmbracoProject/Dockerfile Uses a CERT_PASSWORD build-arg for the generated dev HTTPS certificate export.
templates/UmbracoDockerCompose/docker-compose.yml Threads CERT_PASSWORD through build args and runtime Kestrel certificate configuration.
templates/UmbracoDockerCompose/.template.config/template.json Adds a generated GUID symbol to replace the cert password placeholder.
templates/UmbracoDockerCompose/.env Adds CERT_PASSWORD placeholder to be replaced by the generated GUID.

Comment thread on templates/UmbracoProject/Dockerfile (outdated)
@nikolajlauridsen nikolajlauridsen changed the title Docker template: Generate random guid for cert pass Docker Compose template: cert trust scripts, per-instance secrets Apr 27, 2026
@nikolajlauridsen nikolajlauridsen changed the title Docker Compose template: cert trust scripts, per-instance secrets Docker Compose template: Improve secrets handling and add script to trust development certificates Apr 27, 2026

@Zeegaan (Member) left a comment

Makes sense to me 😁

@Zeegaan Zeegaan merged commit fcf5af3 into main Apr 28, 2026
28 checks passed
@Zeegaan Zeegaan deleted the v17/fix/generate-cert-password branch April 28, 2026 01:06
nikolajlauridsen added a commit that referenced this pull request Apr 29, 2026
…rust development certificates (#22613)

* Generate random guid for cert pass

* Changes from review

* Move cert generation and add script to trust cert on host machine

* Generate simple hmac key

(cherry picked from commit fcf5af3)