mirror of
https://github.com/mauriceboe/TREK.git
synced 2026-06-19 13:21:46 +00:00
jubnl
358afd2428
Auto-generating and persisting the key to data/.encryption_key co-locates the key with the database, defeating encryption at rest if an attacker can read the data directory. It also silently loses all encrypted secrets if the data volume is recreated. Replace the auto-generation fallback with a hard startup error that tells operators exactly what to do: - Upgraders from the JWT_SECRET-derived encryption era: set ENCRYPTION_KEY to their old JWT_SECRET so existing ciphertext remains readable. - Fresh installs: generate a key with `openssl rand -hex 32`.