Summary

Fixes #7655 — /claim #7655

When deploying a Docker Compose project, Coolify previously injected all environment variables into every container via a single shared .env file. This is a security issue: secrets from one service (e.g. database passwords) were visible to all other containers.

Changes

bootstrap/helpers/parsers.php

  • Each service now receives env_file: ['.env.{serviceName}'] instead of the global .env

app/Models/Service.php

  • Generates per-service .env.{serviceName} files containing only:
    • Variables referenced in that service’s environment: section
    • COOLIFY_* metadata variables
    • SERVICE_NAME_* non-secret variables
  • Global .env preserved for YAML substitution

app/Actions/Service/StartService.php

  • Defensive touch of per-service env files before startup

Backward Compatibility

  • Global .env still exists for YAML variable substitution
  • Existing deployments continue to work (additive change)
  • Service environment: sections untouched
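
The filtering rule listed under app/Models/Service.php, as an added PHP sketch rather than the code from this PR. The function names, the reading of "referenced" as both declared keys and `${VAR}` interpolations, and all sample values are assumptions.

```php
<?php
// Added illustration; function names are hypothetical, not Coolify's.

/** Names a service references in its `environment:` section (list or map form). */
function referencedNames(array $service): array
{
    $names = [];
    foreach ($service['environment'] ?? [] as $key => $value) {
        if (is_int($key)) { // list form: "KEY=value" or bare "KEY"
            [$key, $value] = array_pad(explode('=', (string) $value, 2), 2, '');
        }
        $names[] = $key;
        // ${VAR}, ${VAR:-default} and $VAR inside the value; "$$" is a literal dollar
        preg_match_all('/(?<!\$)\$\{?([A-Za-z_][A-Za-z0-9_]*)/', (string) $value, $m);
        $names = array_merge($names, $m[1]);
    }
    return array_unique($names);
}

/** Subset of the shared env that one service is allowed to see. */
function envForService(array $service, array $globalEnv): array
{
    $wanted = array_flip(referencedNames($service));
    return array_filter(
        $globalEnv,
        fn (string $name) => isset($wanted[$name])
            || str_starts_with($name, 'COOLIFY_')
            || str_starts_with($name, 'SERVICE_NAME_'),
        ARRAY_FILTER_USE_KEY
    );
}

// Constructed sample data: a parsed compose file and the shared .env contents.
$services = [
    'app'   => ['environment' => ['APP_KEY' => '${APP_KEY}',
                                  'DATABASE_URL' => 'postgres://app:${DB_PASSWORD}@db/app']],
    'db'    => ['environment' => ['POSTGRES_PASSWORD=${DB_PASSWORD}']],
    'cache' => [], // no environment: section at all
];
$globalEnv = [
    'APP_KEY'          => 'constructed-app-key',
    'DB_PASSWORD'      => 'constructed-db-password',
    'COOLIFY_URL'      => 'https://app.example.test',
    'SERVICE_NAME_APP' => 'app',
];

foreach ($services as $name => $service) {
    // A real deployment would write these lines to ".env.$name"; here they are printed.
    echo ".env.$name\n";
    foreach (envForService($service, $globalEnv) as $k => $v) {
        echo "  $k=$v\n";
    }
}
```

With this sample data the `db` file does not contain `APP_KEY`, and the `cache` file holds only the `COOLIFY_*` and `SERVICE_NAME_*` entries.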

Claim

Total prize pool $75
Total paid $0
Status Pending
Submitted March 08, 2026
Last updated March 08, 2026

Contributors

mickaelfree

@mickaelfree

100%

Sponsors

Tom Adamczewski

@tadamcz

$75