Added documentation about changing the APP_SECRET env on installation

Jan Böhmer 2026-06-07 22:37:47 +02:00
parent cb28afcdf5
commit 93ab410857
4 changed files with 48 additions and 14 deletions

@ -136,6 +136,15 @@ cp .env .env.local
In your `.env.local` you can configure Part-DB according to your wishes and overwrite web interface settings.
A full list of configuration options can be found [here](../configuration.md).
{: .important }
> **Change `APP_SECRET` before going live.** The default value shipped with Part-DB is publicly known and must not be
> used in production — it would allow an attacker to forge signed cookies and bypass CSRF protection.
> Generate a new value and add it to your `.env.local`:
> ```bash
> echo "APP_SECRET=$(openssl rand -hex 32)" >> .env.local
> ```
> or edit the file with a text editor and add a new value for `APP_SECRET` (you can generate a random value with `openssl rand -hex 32`).
Please check that the configured base currency matches your mainly used currency, as
this can not be changed after creating price information.
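Review bot: The `echo "APP_SECRET=$(openssl rand -hex 32)" >> .env.local` line in the added callout appends rather than replaces, and the hunk header shows `.env.local` is created by `cp .env .env.local` just above, so if the copied file already carries the default `APP_SECRET` line, the result is a file with two assignments, and each rerun of the command adds another. That leaves the publicly known value sitting in the file next to the new one and makes it unclear to a reader which one is in effect. Consider telling the reader to replace the existing `APP_SECRET=` line instead (the text-editor alternative in the last added line already implies this but says "add a new value"), or add a check such as `grep -c '^APP_SECRET=' .env.local` returning 1 after the change. The append also assumes the file ends with a newline; if it does not, the new assignment is glued onto the previous line.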