fix: enforce 32-character minimum length for APP_SECRET (#702)

* Enforce 32 characters minimum APP_SECRET length * update APP_SECRET comment
2025-11-10 03:32:06 +10:00 · 2025-02-06 17:46:32 +00:00
parent 33ddd92198
commit 040d6625df
2 changed files with 3 additions and 1 deletions
--- a/.env.example
+++ b/.env.example
@ -2,7 +2,7 @@
 APP_URL=http://localhost:3000
 PORT=3000

-# make sure to replace this.
+# minimum of 32 characters. Generate one with: openssl rand -hex 32
 APP_SECRET=REPLACE_WITH_LONG_SECRET

 JWT_TOKEN_EXPIRES_IN=30d