I’m not seeing much on security IN containers. Stuff like whether you should use the container’s root user or another user you create, password protection on root/other users in a container, and things like that. Looking at the “security.md” file on GitHub and seeing this:
For production setup, it’s recommended that core.trust_password is unset after all clients have been added. This prevents brute-force attacks trying to guess the password.
Are there any resources or insights on this?