Makes ORG_API_KEY_ENCRYPTION_KEY a required environment variable and removes all silent dummy-key fallbacks, so the application fails closed instead of encrypting/decrypting org and project API keys with a hardcoded 'dummy_encryption_key'.
Changes:
apps/apollo/src/env.ts: ORG_API_KEY_ENCRYPTION_KEY changes from z.string().min(1).default('dummy_encryption_key') to z.string().min(1), matching its siblings (ENCRYPTION_KEY, CONNECTED_ACCOUNT_ENCRYPTION_KEY, AUTH_CONFIG_ENCRYPTION_KEY), which are already required with no default.
apps/apollo/src/lib/security.ts: removes the three module-local DUMMY_* constants and every env.X || DUMMY_* fallback. Since all four keys are now z.string().min(1) (validated non-empty before any provider is constructed), the || DUMMY branches were dead code; removing them is behavior-neutral for the three keys that were already required, and removes the insecure default for ORG_API_KEY_ENCRYPTION_KEY.
Operational requirement (breaking for misconfigured deployments): ORG_API_KEY_ENCRYPTION_KEY must now be set. With it unset, @t3-oss/env-nextjs validation throws at boot (unless SKIP_VALIDATION=true). Production and CI already provide it via Doppler (it is listed in turbo.json env and wired through runtimeEnv); local/dev should set an explicit value (see packages/db/prisma/fixtures/client.ts). Self-hosted operators who previously relied on the implicit dummy default MUST set this variable, otherwise existing org/project API keys encrypted under the old dummy value will no longer decrypt under a new real key.
node_modules is not installed in this review worktree, so local typecheck/tests were not run; relying on CI check-types and run-vitest-tests (CI loads ORG_API_KEY_ENCRYPTION_KEY from Doppler).
z.string().min(1) (required, no default) in env.ts, so removing their || DUMMY_* fallbacks is dead-code removal and behavior-neutral.
DUMMY_* constants or the dummy_* literal strings; the constants were module-local and had no external importers.
ORG_API_KEY_ENCRYPTION_KEY is present in turbo.json env passthrough, runtimeEnv, and self-host docs, so prod/CI boot is unaffected.
🤖 Generated with Claude Code
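The fail-open and fail-closed shapes described above, plus an upgrade preflight for self-hosted operators, as an added example that is not code from apps/apollo and does not use zod or @t3-oss/env-nextjs. The function names (orgKeyFailOpen, loadKeysFailClosed, classifyOrgKey) and the error text are hypothetical; only the variable names and the 'dummy_encryption_key' literal come from the description.

```typescript
// Added illustration, not code from apps/apollo; function names are hypothetical.
const LEGACY_DEFAULT = "dummy_encryption_key"; // literal quoted in the PR description
const REQUIRED_KEYS = [
  "ENCRYPTION_KEY",
  "CONNECTED_ACCOUNT_ENCRYPTION_KEY",
  "AUTH_CONFIG_ENCRYPTION_KEY",
  "ORG_API_KEY_ENCRYPTION_KEY",
] as const;
type KeyName = (typeof REQUIRED_KEYS)[number];
type Env = Record<string, string | undefined>;

// Fail-open shape (the `env.X || DUMMY_*` pattern): an unset variable
// silently becomes a value that anyone who has read the source knows.
function orgKeyFailOpen(env: Env): string {
  return env["ORG_API_KEY_ENCRYPTION_KEY"] || LEGACY_DEFAULT;
}

// Fail-closed shape: every key must be a non-empty string. All missing names
// are reported together, and the throw happens before any key is used.
function loadKeysFailClosed(env: Env): Record<KeyName, string> {
  const missing: KeyName[] = [];
  const keys: Partial<Record<KeyName, string>> = {};
  for (const name of REQUIRED_KEYS) {
    const value = env[name];
    if (typeof value === "string" && value.length >= 1) keys[name] = value;
    else missing.push(name);
  }
  if (missing.length > 0) {
    throw new Error("Missing required env: " + missing.join(", "));
  }
  return keys as Record<KeyName, string>;
}

// Upgrade preflight, run against the environment the OLD build started with.
// "implicit-dummy": stored org/project API keys were encrypted under the
//   default literal and will not decrypt once a different key is set.
// "explicit-dummy": the new build boots, but the key is still the known literal.
// "operator-set": the fallback was never used; the upgrade is a no-op.
type OrgKeyState = "implicit-dummy" | "explicit-dummy" | "operator-set";
function classifyOrgKey(oldEnv: Env): OrgKeyState {
  const value = oldEnv["ORG_API_KEY_ENCRYPTION_KEY"];
  if (!value) return "implicit-dummy"; // mirrors the `||` fallback above
  return value === LEGACY_DEFAULT ? "explicit-dummy" : "operator-set";
}
```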