fix(deploy): let app own secret key — remove STEWARD_SECRET_KEY from deploy compose
The app auto-generates a key on first boot and persists it to /data/secret.key, which the app_data volume keeps across image updates. No reason to surface this as a user-facing env var in the deploy compose. Removed from .env.example too. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -1,7 +1,6 @@
|
||||
# Copy to .env for Docker / local development secrets
|
||||
# These override values in config.yaml
|
||||
|
||||
STEWARD_SECRET_KEY=change-me
|
||||
STEWARD_DATABASE_URL=postgresql+asyncpg://steward:password@localhost/steward
|
||||
STEWARD_SMTP__PASSWORD=
|
||||
|
||||
|
||||
+3
-4
@@ -23,10 +23,9 @@ services:
|
||||
- app_data:/data
|
||||
environment:
|
||||
- STEWARD_DATABASE_URL=postgresql+asyncpg://steward:${POSTGRES_PASSWORD:-steward}@db/steward
|
||||
# Optional: if unset, the app generates a key and persists it to
|
||||
# /data/secret.key, so sessions survive restarts via the app_data volume.
|
||||
# Set STEWARD_SECRET_KEY in .env to pin it explicitly across volume resets.
|
||||
- STEWARD_SECRET_KEY=${STEWARD_SECRET_KEY:-}
|
||||
# STEWARD_SECRET_KEY is intentionally absent — the app generates a random
|
||||
# key on first boot and persists it to /data/secret.key, which the app_data
|
||||
# volume keeps across image updates.
|
||||
depends_on:
|
||||
db:
|
||||
condition: service_healthy
|
||||
|
||||
Reference in New Issue
Block a user