Description:
The current implementation performs basic checks for the ENCRYPTION_KEY environment variable, but validation can be improved to make runtime failures easier to diagnose.
Current Problems
- Keys are silently padded or truncated.
- Misconfigured secrets may still produce valid-looking keys.
- Error messages do not clearly indicate configuration requirements.
Expected Solution
- Add strict validation for encryption secrets.
- Verify required key length before application startup.
- Provide descriptive error messages for invalid configurations.
- Prevent application startup when cryptographic requirements are not met.
Acceptance Criteria
- Clear validation errors for invalid keys.
- Consistent secret length enforcement.
- Improved developer experience during setup.
- Documentation updated with secret requirements.
Please assign it to me under GSSoC.
Description:
The current implementation performs basic checks for the
ENCRYPTION_KEYenvironment variable, but validation can be improved to make runtime failures easier to diagnose.Current Problems
Expected Solution
Acceptance Criteria
Please assign it to me under GSSoC.