docs: explain JWT_SECRET_KEY in .env.example

Authored-By: Jack Levy
2026-03-02 11:26:35 -05:00
parent 483c068ab5
commit 1485d72065
1 changed files with 3 additions and 1 deletions
--- a/.env.example
+++ b/.env.example
@@ -5,7 +5,9 @@ LOCAL_URL=http://localhost
 PUBLIC_URL=

 # ─── Auth ──────────────────────────────────────────────────────────────────────
-# Generate a strong random secret: python -c "import secrets; print(secrets.token_hex(32))"
+# Signs and verifies JWT tokens. Anyone with this key can forge auth tokens,
+# so use a long random value in production and never commit it to git.
+# Generate: python -c "import secrets; print(secrets.token_hex(32))"
 JWT_SECRET_KEY=

 # ─── PostgreSQL ───────────────────────────────────────────────────────────────