fix(deploy): let app own secret key — remove STEWARD_SECRET_KEY from deploy compose
CI / lint (push) Successful in 3s
CI / unit (push) Successful in 7s
CI / integration (push) Successful in 2m13s
CI / publish (push) Successful in 4s

The app auto-generates a key on first boot and persists it to /data/secret.key,
which the app_data volume keeps across image updates. No reason to surface this
as a user-facing env var in the deploy compose. Removed from .env.example too.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-05 11:28:53 -04:00
parent ef6c90c022
commit 98edb12abb
2 changed files with 3 additions and 5 deletions
+3 -4
View File
@@ -23,10 +23,9 @@ services:
- app_data:/data
environment:
- STEWARD_DATABASE_URL=postgresql+asyncpg://steward:${POSTGRES_PASSWORD:-steward}@db/steward
# Optional: if unset, the app generates a key and persists it to
# /data/secret.key, so sessions survive restarts via the app_data volume.
# Set STEWARD_SECRET_KEY in .env to pin it explicitly across volume resets.
- STEWARD_SECRET_KEY=${STEWARD_SECRET_KEY:-}
# STEWARD_SECRET_KEY is intentionally absent — the app generates a random
# key on first boot and persists it to /data/secret.key, which the app_data
# volume keeps across image updates.
depends_on:
db:
condition: service_healthy