Security

Generate `ABHACKUS_JWT_SECRET` per project

Each project and environment (dev/staging/prod) must use a different secret to prevent token reuse across systems.

Recommended generation

# Project: abhackus-club-a (production)
# 64 random bytes, hex-encoded (128 characters). Note: the file inherits your
# umask, so prefer `umask 077` beforehand or write straight into a secret store.
openssl rand -hex 64 > /tmp/jwt_secret_club_a_prod.txt

# Load as env var (example); $(...) strips the trailing newline
export ABHACKUS_JWT_SECRET="$(cat /tmp/jwt_secret_club_a_prod.txt)"

# Verify minimum length (>=64 hex characters recommended; the command above yields 128)
echo -n "$ABHACKUS_JWT_SECRET" | wc -c

Best practices per project

  • Use a unique secret per project, environment, and tenant.
  • Never commit secrets to repo or bake them into Docker images.
  • Use a vault/secret manager or protected CI variables.
  • Rotate periodically and immediately after any suspected leak.
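The generation and verification steps above, and the "unique secret per project and environment" rule, as an added example (not the project's own code): one function writes a per-project, per-environment secret file with owner-only permissions, and a second validates a secret before the service trusts it. File naming, the urandom fallback and the distinct-digit heuristic are assumptions.

```shell
#!/bin/sh
# Added example: per-project/per-environment generation plus a startup check.
MIN_HEX_LEN=64   # 64 hex chars = 32 bytes = 256 bits (recommended minimum)

# gen_jwt_secret PROJECT ENV DIR -> writes DIR/jwt_secret_PROJECT_ENV.txt readable
# by the creating user only, prints the path. Uses openssl, else /dev/urandom.
gen_jwt_secret() {
    out="$3/jwt_secret_${1}_${2}.txt"
    old_umask=$(umask)
    umask 077                      # new file gets mode 0600
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex 64 > "$out"
    else
        od -An -vtx1 -N64 /dev/urandom | tr -d ' \n' > "$out"
    fi
    umask "$old_umask"
    printf '%s\n' "$out"
}

# check_jwt_secret VALUE -> 0 if usable, 1 (with a reason on stderr) otherwise.
# Catches the usual mistakes: unset variable, too short, stray newline/quotes
# from a copy-paste, and placeholder values such as 64 zeros.
check_jwt_secret() {
    s="$1"
    [ -n "$s" ] || { echo "secret is empty or unset" >&2; return 1; }
    len=$(printf '%s' "$s" | wc -c | tr -d ' ')
    [ "$len" -ge "$MIN_HEX_LEN" ] || { echo "secret too short: $len < $MIN_HEX_LEN" >&2; return 1; }
    case "$s" in
        *[!0-9a-fA-F]*) echo "secret contains non-hex characters (newline or quotes?)" >&2; return 1 ;;
    esac
    # A 64-byte random hex string uses close to all 16 digits; a repeated
    # pattern or a hand-typed value does not (heuristic threshold: 12).
    distinct=$(printf '%s' "$s" | fold -w1 | sort -u | wc -l | tr -d ' ')
    [ "$distinct" -ge 12 ] || { echo "secret looks like a placeholder ($distinct distinct digits)" >&2; return 1; }
    return 0
}

# Usage (assumed service binary): generate, load, validate, then start.
# dir=$(mktemp -d); f=$(gen_jwt_secret abhackus-club-a prod "$dir")
# export ABHACKUS_JWT_SECRET="$(cat "$f")"
# check_jwt_secret "$ABHACKUS_JWT_SECRET" && exec ./abhackus-server
```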