claude-hub/docker-compose.secrets.yml

version: '3.8'

services:
  webhook:
    build: .
    ports:
      - "3003:3002"
    secrets:
      - github_token
      - anthropic_api_key
      - webhook_secret
    environment:
      - NODE_ENV=production
      - PORT=3002
      - AUTHORIZED_USERS=Cheffromspace
      - BOT_USERNAME=@MCPClaude
      - DEFAULT_GITHUB_OWNER=Cheffromspace
      - DEFAULT_GITHUB_USER=Cheffromspace
      - DEFAULT_BRANCH=main
      - CLAUDE_USE_CONTAINERS=1
      - CLAUDE_CONTAINER_IMAGE=claudecode:latest
      # Point to secret files instead of env vars
      - GITHUB_TOKEN_FILE=/run/secrets/github_token
      - ANTHROPIC_API_KEY_FILE=/run/secrets/anthropic_api_key
      - GITHUB_WEBHOOK_SECRET_FILE=/run/secrets/webhook_secret
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped

secrets:
  github_token:
    file: ./secrets/github_token.txt
  anthropic_api_key:
    file: ./secrets/anthropic_api_key.txt
  webhook_secret:
    file: ./secrets/webhook_secret.txt