store plaintext secret key in .env, hash at startup
+2
-2
@@ -11,5 +11,5 @@ POSTGRES_USER="user"
|
||||
POSTGRES_PASSWORD="pwd"
|
||||
# TOKEN_LIFETIME in minutes
|
||||
TOKEN_LIFETIME=600
|
||||
# Secret key for registration (bcrypt hash, client sends plaintext key)
|
||||
REGISTRATION_SECRET_KEY=$2a$10$example.bcrypt.hash.here
|
||||
# Secret key for registration (plaintext, hashed with bcrypt at startup)
|
||||
REGISTRATION_SECRET_KEY=your-registration-key
|
||||
|
||||
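Review bot: the new `REGISTRATION_SECRET_KEY=your-registration-key` line puts the registration key itself at rest in `.env`, where the removed line held only its bcrypt hash. After this change, anyone who can read the file (a backup, a leaked deploy artifact, an accidental commit) holds a working registration key, and hashing at startup does nothing to offset that because the plaintext is still on disk. If plaintext in `.env` is the intended trade-off, the comment above the variable should say that the file must stay out of version control and be readable only by the service account. The placeholder `your-registration-key` is also a usable value, so a deployment that copies the example unchanged ends up with a guessable key; consider having startup reject an empty value or this literal placeholder. Minor style point: the other values in this file are double-quoted (`POSTGRES_PASSWORD="pwd"`) and this one is not.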