mirror of
https://github.com/mauriceboe/TREK.git
synced 2026-06-19 13:21:46 +00:00
jubnl
44e5f07f59
Previously, when the JWT secret was used as a fallback encryption key, nothing was written to data/.encryption_key. This meant that rotating the JWT secret via the admin panel would silently break decryption of all stored secrets on the next restart. Now, whatever key is resolved — env var, JWT secret fallback, or auto-generated — is immediately persisted to data/.encryption_key. On all subsequent starts, the file is read directly and the fallback chain is skipped entirely, making JWT rotation permanently safe. The env var path also writes to the file so the key survives container restarts if the env var is later removed.