sasjs / server

Build Apps on Base SAS
https://server.sasjs.io
MIT License
20 stars 3 forks

make SECRETs more secret #213

Closed allanbowe closed 2 years ago

allanbowe commented 2 years ago

The current server config requires 4 secrets for JWT decoding:

ACCESS_TOKEN_SECRET=secret
REFRESH_TOKEN_SECRET=secret
AUTH_CODE_SECRET=secret
SESSION_SECRET=secret

Rather than accept user input for this (and correspondingly insecure secrets) we should generate a set of long, secure secrets and store them in a configuration file (or better, in the database).

They can then be removed as configurable options in the .env file.

ghost commented 2 years ago

:tada: This issue has been resolved in version 0.9.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket: