26.6.7

Highlights

  • Completed security backlog item: Default secrets hardening.
  • Completed security backlog item: Production secret handling.
  • Removed insecure secret fallback behavior from backend and Compose.
  • Added production secret-file handling support and Docker secrets deployment guidance.

Security Hardening

  • compose.yaml now requires explicit values for:
    • POSTGRES_PASSWORD
    • DATABASE_URL
    • JWT_SECRET_KEY
  • Backend startup now validates JWT_SECRET_KEY and fails fast if:
    • missing
    • set to an insecure placeholder value
    • shorter than 32 characters
  • Backend configuration now supports _FILE secret inputs for production:
    • JWT_SECRET_KEY_FILE
    • DATABASE_URL_FILE
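
The startup check and `_FILE` resolution listed above, sketched in Python as an added example (not Nexus's own code). The placeholder strings, the error type, and the rule that setting both a variable and its `_FILE` form is an error are assumptions; the 32-character minimum comes from these notes.

```python
import os

# Assumed placeholder strings; the release notes do not list the rejected values.
INSECURE_PLACEHOLDERS = {"changeme", "change-me", "secret", "your-secret-key"}
MIN_JWT_SECRET_LEN = 32  # minimum length stated in the release notes


class SecretConfigError(RuntimeError):
    """Raised at startup so the process exits instead of running with a weak secret."""


def read_secret(name, env):
    """Return the secret from NAME_FILE if set, otherwise from NAME."""
    value, file_path = env.get(name), env.get(name + "_FILE")
    if value and file_path:
        # Assumption: ambiguous configuration is rejected rather than silently resolved.
        raise SecretConfigError(f"set only one of {name} and {name}_FILE")
    if file_path:
        try:
            with open(file_path, encoding="utf-8") as fh:
                # Mounted secret files often end with a newline; strip it.
                return fh.read().strip()
        except OSError as exc:
            raise SecretConfigError(f"cannot read {name}_FILE: {exc.strerror}") from exc
    return value


def load_jwt_secret(env=os.environ):
    """Resolve and validate the JWT signing secret; raise instead of falling back."""
    secret = read_secret("JWT_SECRET_KEY", env)
    if not secret:
        raise SecretConfigError("JWT_SECRET_KEY is missing")
    if secret.lower() in INSECURE_PLACEHOLDERS:
        raise SecretConfigError("JWT_SECRET_KEY is an insecure placeholder")
    if len(secret) < MIN_JWT_SECRET_LEN:
        raise SecretConfigError(
            f"JWT_SECRET_KEY is shorter than {MIN_JWT_SECRET_LEN} characters"
        )
    return secret
```

The error messages name the variable but never echo the secret value, so a failed startup does not leak it into logs.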

Docs and Developer Experience

  • .env.example now uses secure placeholders and includes secret generation guidance.
  • README.md now documents local secret setup workflow.
  • docs/guide/getting-started.md now includes secure secret generation and .env requirements.

Nexus by McGuire Technology