github/TREK
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(helm): update ENCRYPTION_KEY docs to reflect automatic fallback

Browse Source 
Existing installs no longer need to manually set ENCRYPTION_KEY to their
old JWT secret on upgrade — the server falls back to data/.jwt_secret
automatically. Update values.yaml, NOTES.txt, and chart README accordingly.
This commit is contained in:
jubnl
2026-04-01 09:49:57 +02:00
parent 862f59b77a
commit c9e61859ce
3 changed files with 8 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
chart/values.yaml
View File

@@ -27,10 +27,10 @@ env:
# rotatable via the admin panel) — it is not configured here.
secretEnv:
# At-rest encryption key for stored secrets (API keys, MFA, SMTP, OIDC, etc.).
# Auto-generated and persisted to the data PVC if not set.
# Upgrading from a version that used JWT_SECRET for encryption: set this to your
# old JWT_SECRET value to keep existing encrypted data readable, then re-save
# credentials via the admin panel and rotate to a fresh random key.
# Recommended: set to a random 32-byte hex value (openssl rand -hex 32).
# If left empty the server resolves the key automatically:
# 1. data/.jwt_secret (existing installs — encrypted data stays readable after upgrade)
# 2. data/.encryption_key auto-generated on first start (fresh installs)
ENCRYPTION_KEY: ""
# If true, a random ENCRYPTION_KEY is generated at install and preserved across upgrades