fix(docker): replace anonymous docker volume with env variable for encrypting secrets (#1809)

2026-01-29 10:49:14 +01:00 · 2024-12-31 11:30:29 +01:00
parent 91e1cef611
commit 56b57ad171
11 changed files with 66 additions and 62 deletions
--- a/.env.example
+++ b/.env.example
@@ -4,6 +4,14 @@
 # This file will be committed to version control, so make sure not to have any secrets in it.
 # If you are cloning this repo, create a copy of this file named `.env` and populate it with your secrets.

+# The below secret is not used anywhere but required for Auth.js (Would encrypt JWTs and Mail hashes, both not used)
+AUTH_SECRET="supersecret"
+
+# The below secret is used to encrypt integration secrets in the database.
+# It should be a 32-byte string, generated by running `openssl rand -hex 32` on Unix
+# or starting the project without any (which will show a randomly generated one).
+SECRET_ENCRYPTION_KEY=0000000000000000000000000000000000000000000000000000000000000000
+
 # This is how you can use the sqlite driver:
 DB_DRIVER='better-sqlite3'
 DB_URL='FULL_PATH_TO_YOUR_SQLITE_DB_FILE'
@@ -20,11 +28,6 @@ DB_URL='FULL_PATH_TO_YOUR_SQLITE_DB_FILE'
 # DB_PASSWORD='password'
 # DB_NAME='name-of-database'

-
-# You can generate the secret via 'openssl rand -base64 32' on Unix
-# @see https://next-auth.js.org/configuration/options#secret
-AUTH_SECRET='supersecret'
-
 TURBO_TELEMETRY_DISABLED=1

 # Configure logging to use winston logger