Security Configuration

Configure security-related settings for your Gigantics instance, including session keys and encryption.

Configuration Properties

The security configuration properties in your config/default.yaml file control session management and data encryption:

secretSessionKey: session secret
encryptionKey: my-secret-key

Type: String
Default: 'session secret'
Description: Secret key used for signing session cookies. Should be a random, unique string in production.

secretSessionKey: session secret
encryptionKey: my-secret-key

secretSessionKey: 'a-very-long-random-secret-key-for-sessions'
encryptionKey: 'another-very-long-random-secret-key-for-encryption'

For production environments, you should generate secure random keys:

# Generate a 32-character random string
openssl rand -base64 32
 
# Generate a 64-character random string
openssl rand -hex 32

# Generate a random string using Node.js
node -e "console.log(require('crypto').randomBytes(32).toString('hex'));"

Unique Keys: Use different keys for secretSessionKey and encryptionKey
Key Length: Use at least 32 characters for each key
Randomness: Generate keys using cryptographically secure random generators
Storage: Store keys securely and never commit them to version control
Environment: Use different keys for development, staging, and production environments
Rotation: Regularly rotate encryption keys in production environments

The application automatically uses different default keys based on the environment:

You can check your environment with:

echo $NODE_ENV

After modifying security configuration:

Note that changing encryption keys may make previously encrypted data unreadable, so be careful when rotating keys in production.