refactor(config): enforce runtime auth secret policy

2026-03-30 23:40:00 +02:00
parent 7bcc831b5c
commit a7362f17bd
8 changed files with 181 additions and 8 deletions
@@ -9,6 +9,7 @@ REDIS_URL=redis://localhost:6380

 # Auth.js
 NEXTAUTH_URL=http://localhost:3100
+# Local development only. Production must provide a long random secret outside the repository.
 NEXTAUTH_SECRET=dev-secret-change-in-production

 # App