Best practice for setting postgres credentials in development

Was talking to a more seasoned developer because I was having difficulty setting up a workflow where a developer would run a shell script and answer prompts, the responses would populate env vars, and then when docker-compose was run, those env vars would be pulled into the Dockerfile to set things like POSTGRES_USER, POSTGRES_PASSWORD, etc.

I'm still working on that, and it is an aside from what I'm actually wondering…

He was curious why I'd even bother. Seems his point was basically: "If this is just for development and the database is being run on the developer's computer, why bother changing from the defaults?"

Seemed odd to me, and I figured they should be locked down regardless, just in case someone got into their laptop. But he is higher up the ladder than I am, so I'm just curious about this.

