feat(envs): add CM_AUTH_SECRET to all .env.example templates

2026-05-03 08:26:11 +08:00 · 2026-05-03 08:26:11 +08:00 · 54c47cf7d2
commit 54c47cf7d2
parent e5a2a36fb2
3 changed files with 15 additions and 0 deletions
--- a/envs/dev/.env.example
+++ b/envs/dev/.env.example
@ -6,6 +6,11 @@
 # === Runtime ===
 CM_DEBUG=true

+# === Auth (cm-web-next session signing) ===
+# 64-character hex (32 bytes). Generate with: openssl rand -hex 32
+# Rotating this secret invalidates all existing sessions (forces re-login).
+CM_AUTH_SECRET=devsecret-replace-with-openssl-rand-hex-32-for-real-deploys
+
 # === Deployment Identity ===
 CM_DEPLOY_NAME=dev-cm
 CM_WEB_HOST_PORT=8000
--- a/envs/rex/.env.example
+++ b/envs/rex/.env.example
@ -37,3 +37,8 @@ CM_AGENT_ID=
 CM_AGENT_PASSWORD=
 CM_SECURITY_PIN=
 CM_BOT_BASE_URL=
+
+# === Auth (cm-web-next session signing) ===
+# 64-character hex (32 bytes). Generate with: openssl rand -hex 32
+# Rotating this secret invalidates all existing sessions (forces re-login).
+CM_AUTH_SECRET=
--- a/envs/siong/.env.example
+++ b/envs/siong/.env.example
@ -37,3 +37,8 @@ CM_AGENT_ID=
 CM_AGENT_PASSWORD=
 CM_SECURITY_PIN=
 CM_BOT_BASE_URL=
+
+# === Auth (cm-web-next session signing) ===
+# 64-character hex (32 bytes). Generate with: openssl rand -hex 32
+# Rotating this secret invalidates all existing sessions (forces re-login).
+CM_AUTH_SECRET=