Use SECRET_ANALYTICS env var, regenerated at each deployment

- New SECRET_ANALYTICS variable replaces kernel.secret for analytics - Ansible generates a random 32-char secret at each deploy - Endpoint token and encryption key change with every deployment - Existing sessions will get new visitor_id after deploy (expected) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 12:27:05 +01:00
parent a139f86b90
commit 98b0b41064
7 changed files with 13 additions and 6 deletions
--- a/.env
+++ b/.env
@@ -76,3 +76,4 @@ OAUTH_KEYCLOAK_REALM=e-cosplay
 # MAILER_DSN=ses://ACCESS_KEY:SECRET_KEY@default?region=eu-west-1
 # MAILER_DSN=ses+smtp://ACCESS_KEY:SECRET_KEY@default?region=eu-west-1
 ###< symfony/amazon-mailer ###
+SECRET_ANALYTICS=dev_analytics_secret_change_me