With this new release, you need to mount /app/db somewhere your user 1000:1000 has read-write permissions.
Since we're now using non-root on the container, the /app/backups volume also needs to be mounted somewhere you have read-write permissions on user 1000:1000 so the app can write the backups to disk.
No more plaintext password passing via env vars or being shown in docker inspect.
This is something I wanted from the start and people were reluctant to use the tool because of, so now we are not storing it in plaintext anymore, although full disclosure, the decryption key for the database is still stored plaintext in the /app/db folder alongside the db, so make sure to protect that folder well.
New setup flow is explained in README.md