Self Checks

• I have read the Contributing Guide and Language Policy.
• I have searched for existing issues search for existing issues, including closed ones.
• I confirm that I am using English to submit this report, otherwise it will be closed.
• Please do not modify this template :) and fill in all the required fields.

1. Is this request related to a challenge you're experiencing? Tell me about your story.

In production deployments, it is common to assign per-service database credentials (e.g. dify-api gets a read-write user, worker gets a different user with limited privileges). Currently, api, worker, and worker_beat all share the same DB_USERNAME / DB_PASSWORD via the x-shared-env anchor in docker-compose.yaml.

Docker Compose does not support variable-level fallback or per-service override within a shared YAML anchor — you can only override the entire environment block, which defeats the purpose of x-shared-env. This means there is no clean way at the Compose layer to give individual services their own DB credentials while still sharing the rest of the env vars.

Proposed solution: Add two new optional environment variables DIFY_DB_USER and DIFY_DB_PASS in the DatabaseConfig (Pydantic settings). When set, they take precedence over DB_USERNAME / DB_PASSWORD; when unset, behaviour is unchanged (fallback to the originals). This allows operators to inject per-service credentials at the container level without duplicating the entire shared env block.

2. Additional context or comments

• Only one file needs to change: api/configs/middleware/__init__.py.
• Zero breaking change — existing deployments that don't set the new vars are unaffected.
• The same DatabaseConfig is loaded by all three services (api / worker / worker_beat), so the override applies uniformly.

3. Can you help us with this feature?

• I am interested in contributing to this feature.