Skip to content

Add TOKEN_SECRET to .env.example and document required auth environment variable #2107

Open
Open
Add TOKEN_SECRET to .env.example and document required auth environment variable#2107
Labels
complexity: mediumfeature: Loginrole: devopssize: 1ptCan be done in 4-6 hours
Milestone
02 Security
@trillium

Description

@trillium
trillium
opened on Mar 24, 2026

Overview

The authentication system requires a TOKEN_SECRET environment variable for JWT signing, but it is not documented in .env.example. The config previously fell back to a hardcoded placeholder, which has been replaced with a startup error. Developers and deployments need to know this variable is required.

Action Items

  • Add TOKEN_SECRET to backend/.env.example with a placeholder value and comment explaining its purpose
  • Verify the dev and prod deployments have TOKEN_SECRET set in their environment
  • Update any onboarding/setup documentation that references .env configuration

Resources/Instructions

  • backend/config/auth.config.js — where the variable is consumed and validated
  • backend/middleware/auth.middleware.js — where it's used for JWT signing

Metadata

Metadata

Assignees

No one assigned

    Labels

    complexity: mediumfeature: Loginrole: devopssize: 1ptCan be done in 4-6 hours

    Type

    No type

    Projects

    P: VRMS: Project Board

    Status

    Prioritized Backlog

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions