26.6.7
Highlights
- Completed security backlog item: Default secrets hardening.
- Completed security backlog item: Production secret handling.
- Removed insecure secret fallback behavior from backend and Compose.
- Added production secret-file handling support and Docker secrets deployment guidance.
Security Hardening
- compose.yaml now requires explicit values for:
  - POSTGRES_PASSWORD
  - DATABASE_URL
  - JWT_SECRET_KEY
- Backend startup now validates JWT_SECRET_KEY and fails fast if:
  - missing
  - set to insecure placeholder value
  - shorter than 32 characters
- Backend configuration now supports _FILE secret inputs for production:
  - JWT_SECRET_KEY_FILE
  - DATABASE_URL_FILE
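A sketch of the startup checks and _FILE handling listed above, added here as an illustration; it is not the project's own code, and the backend's language is not stated in these notes. The function names, the placeholder deny-list, and the choice to reject a variable and its _FILE variant when both are set are assumptions.

```python
import os
from pathlib import Path

MIN_JWT_SECRET_LEN = 32  # minimum length stated in these release notes
# Constructed placeholder values; the project's real deny-list is not shown here.
INSECURE_PLACEHOLDERS = {"changeme", "change-me", "secret", "your-secret-key"}


class SecretConfigError(RuntimeError):
    """Raised at startup so the process exits instead of running with a weak secret."""


def read_secret(name, env=None):
    """Return the secret from NAME, or from the file that NAME_FILE points to."""
    env = os.environ if env is None else env
    value = env.get(name)
    file_path = env.get(f"{name}_FILE")
    if value and file_path:
        # Assumption: treat the two inputs as mutually exclusive rather than pick one.
        raise SecretConfigError(f"{name} and {name}_FILE are both set")
    if file_path:
        try:
            # Docker secrets are mounted as files; strip the trailing newline.
            value = Path(file_path).read_text(encoding="utf-8").strip()
        except OSError as exc:
            raise SecretConfigError(f"cannot read {name}_FILE: {exc.strerror}") from exc
    if not value:
        raise SecretConfigError(f"{name} is missing")
    return value


def load_jwt_secret(env=None):
    """Apply the three fail-fast checks: missing, placeholder, shorter than 32."""
    secret = read_secret("JWT_SECRET_KEY", env)
    if secret.lower() in INSECURE_PLACEHOLDERS:
        raise SecretConfigError("JWT_SECRET_KEY is an insecure placeholder value")
    if len(secret) < MIN_JWT_SECRET_LEN:
        # Error messages name the variable only and never echo the secret itself.
        raise SecretConfigError(
            f"JWT_SECRET_KEY must be at least {MIN_JWT_SECRET_LEN} characters"
        )
    return secret
```

Calling load_jwt_secret() once during application startup, before any route is served, gives the fail-fast behavior: a misconfigured deployment exits with a named error rather than signing tokens with a guessable key.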
Docs and Developer Experience
- .env.example now uses secure placeholders and includes secret generation guidance.
- README.md now documents local secret setup workflow.
- docs/guide/getting-started.md now includes secure secret generation and .env requirements.