From a6d031f46f1de38516fb8259eb68fbfa7cebfbff Mon Sep 17 00:00:00 2001
From: Shane McDonald
Date: Wed, 27 Mar 2019 09:31:10 -0400
Subject: [PATCH] Fix permissions of sensitive files in docker-compose installation
---
 installer/roles/local_docker/tasks/compose.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/installer/roles/local_docker/tasks/compose.yml b/installer/roles/local_docker/tasks/compose.yml
index 31167a7493..6fda66ffed 100644
--- a/installer/roles/local_docker/tasks/compose.yml
+++ b/installer/roles/local_docker/tasks/compose.yml
@@ -8,22 +8,26 @@
 template:
 src: docker-compose.yml.j2
 dest: "{{ docker_compose_dir }}/docker-compose.yml"
+ mode: 0600
 register: awx_compose_config
 - name: Render secrets file
 template:
 src: environment.sh.j2
 dest: "{{ docker_compose_dir }}/environment.sh"
+ mode: 0600
 - name: Render application credentials
 template:
 src: credentials.py.j2
 dest: "{{ docker_compose_dir }}/credentials.py"
+ mode: 0600
 - name: Render SECRET_KEY file
 copy:
 content: "{{ secret_key }}"
 dest: "{{ docker_compose_dir }}/SECRET_KEY"
+ mode: 0600
 - name: Start the containers
 docker_service:
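Review bot: The four added `mode: 0600` lines depend on the YAML loader reading the unquoted scalar as an octal integer; quoting it as `mode: '0600'` is the form the Ansible module documentation recommends and gives the same permissions regardless of how the value is parsed or later templated. The new mode protects the rendered files at rest, but the tasks that write `environment.sh`, `credentials.py` and `SECRET_KEY` can still show their contents when the play is run with `--diff`, so adding `no_log: true` to those three tasks is worth considering. The hunk begins inside the first task and ends inside `Start the containers`, and the task that creates `{{ docker_compose_dir }}` is not visible here; that directory's mode should be checked as well, since 0600 on the files does not restrict listing of the directory itself. If any of these files are bind-mounted into a container whose process runs under a different UID than the installing user, owner-only read would need a matching `owner:` — this cannot be confirmed from the hunk.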