docs: add key encryption docs (supabase#28369)

* docs: add key encryption docs

* chore: bump docker-compose version number for logflare

* Prettier

* Update apps/docs/docs/ref/self-hosting-analytics/introduction.mdx

Co-authored-by: Chris Chinchilla <[email protected]>

---------

Co-authored-by: Chris Chinchilla <[email protected]>

Author: Ziinc

apps/docs/docs/ref/self-hosting-analytics/introduction.mdx

@@ -173,6 +173,14 @@ The current Postgres Ingestion backend isn't optimized for production usage. We
 
 **We recommend using the BigQuery backend for production environments as it offers better scaling and querying/debugging experiences.**
 
+### Rotate Encryption Keys Regularly
+
+The Logflare server uses the a Base64 encryption key set on the `LOGFLARE_DB_ENCRYPTION_KEY` environment variable to perform encryption at rest for sensitive database columns.
+
+To perform encryption key rotation, move the retired key to the `LOGFLARE_DB_ENCRYPTION_KEY_RETIRED` environment variable, and replace the `LOGFLARE_DB_ENCRYPTION_KEY` environement variable with the new key. Perform a server restart and check `info` logs for the migration to be detected and performed.
+
+Once migration is complete, you can safely remove the retired key.
+
   </RefSubLayout.Details>
 
   <RefSubLayout.Examples>

docker/docker-compose.yml

@@ -383,7 +383,6 @@ services:
       LOGFLARE_PRIVATE_ACCESS_TOKEN: ${LOGFLARE_PRIVATE_ACCESS_TOKEN}
       LOGFLARE_SINGLE_TENANT: true
       LOGFLARE_SUPABASE_MODE: true
-      LOGFLARE_MIN_CLUSTER_SIZE: 1
 
       # Comment variables to use Big Query backend for analytics
       POSTGRES_BACKEND_URL: postgresql://supabase_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/_supabase