In mentioned course, in Demo-docker compose section at 4:33- database password was added in docker compose yaml file. That was in plain text format. Is it safe to mention password as plain here in production environment ? or is it default in production also to mention plain password?
No.
That’s usually done only for demos or local development to keep things simple. In real environments, using environment variables or Docker secrets is recommended.
For more advanced orchestrators like Kubernetes, we can additionally use certain external secret managers.