From 3d54f7a7f0865dc2a3d893f835047d126d3bda61 Mon Sep 17 00:00:00 2001
From: Jason Woltje
Date: Sun, 15 Feb 2026 01:36:55 -0600
Subject: [PATCH] docs: add CSRF_SECRET to .env.example

Co-Authored-By: Claude Opus 4.6
---
 .env.example | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.env.example b/.env.example
index 8ecd860..9ca59fd 100644
--- a/.env.example
+++ b/.env.example
@@ -93,6 +93,14 @@ AUTHENTIK_COOKIE_DOMAIN=.localhost
 AUTHENTIK_PORT_HTTP=9000
 AUTHENTIK_PORT_HTTPS=9443
 
+# ======================
+# CSRF Protection
+# ======================
+# CRITICAL: Generate a random secret for CSRF token signing
+# Required in production; auto-generated in development (not persistent across restarts)
+# Command to generate: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
+CSRF_SECRET=REPLACE_WITH_64_CHAR_HEX_STRING
+
 # ======================
 # JWT Configuration
 # ======================
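Review bot: The placeholder on the added `CSRF_SECRET=REPLACE_WITH_64_CHAR_HEX_STRING` line is a non-empty value, so a `.env` copied from this template and left unedited would pass a presence-only "required in production" check while signing CSRF tokens with a string that is published in the repository. Whether the application rejects the placeholder is not visible in this hunk. If it does not, ship the key empty as `CSRF_SECRET=` so a missing secret fails at startup, or have the config loader refuse the literal placeholder and any value that is not 64 hex characters. The comment block could also carry one more line, `# Never commit the real value; rotating it invalidates outstanding CSRF tokens`, with the second half confirmed against how tokens are verified.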