Skip to content

fix(config): add missing env vars to example files and fix key generation #262

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
LuD1161 merged 1 commit into from
Feb 4, 2026
Merged

fix(config): add missing env vars to example files and fix key generation #262

LuD1161 merged 1 commit into from
Feb 4, 2026
+62 −14

Conversation

@LuD1161
Copy link
Contributor

@LuD1161 LuD1161 commented Feb 4, 2026
edited
Loading

Summary

  • Add SECRET_STORE_MASTER_KEY and LOG_KAFKA_BROKERS to all .env.example and .env.docker files (backend + worker)
  • Fix docker-compose.full.yml default SECRET_STORE_MASTER_KEY from 64-char hex to 32-char string — the old default crashed parseMasterKey which expects exactly 32 raw bytes via TextEncoder
  • Fix justfile prod-init recipe to generate 32-char keys (openssl rand -base64 24 | head -c 32) instead of 64-char hex (openssl rand -hex 32)
  • Update backend/README.md with correct env var name (LOG_KAFKA_BROKERS, not KAFKA_BROKERS) and key format documentation

Context

The backend failed to start with Key must be exactly 32 bytes because parseMasterKey in packages/shared/src/secrets/encryption.ts uses TextEncoder.encode() (which treats input as UTF-8, 1 byte per char) — not hex decoding. A 64-char hex string produces 64 bytes, not 32.

LOG_KAFKA_BROKERS was also missing from all example/template files, causing a second crash: LOG_KAFKA_BROKERS must be configured for node I/O ingestion.

Test plan

  • Run bun --cwd=backend run dev with a fresh .env copied from .env.example (after setting a real 32-char key)
  • Run just prod-init and verify the generated SECRET_STORE_MASTER_KEY is exactly 32 characters
  • Run docker compose -f docker/docker-compose.full.yml config and verify no syntax errors

@LuD1161
fix(config): add missing SECRET_STORE_MASTER_KEY and LOG_KAFKA_BROKER…
54590fb 
…S to env files

The backend crashed on startup because SECRET_STORE_MASTER_KEY was a
64-char hex string but parseMasterKey expects exactly 32 raw characters,
and LOG_KAFKA_BROKERS was missing entirely.

- Add both vars to backend/.env.example, backend/.env.docker,
  worker/.env.example, and worker/.env.docker
- Fix docker-compose.full.yml defaults from 64-char hex to 32-char string
- Fix justfile prod-init to generate 32-char keys via base64 instead of hex
- Update backend/README.md with correct var name and format docs

Signed-off-by: Aseem Shrey <LuD1161@users.noreply.github.com>
@LuD1161 LuD1161 merged commit c9c9429 into main Feb 4, 2026
3 checks passed
@LuD1161 LuD1161 deleted the fix/env-docs-missing-vars branch February 4, 2026 00:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@LuD1161