Set default secret in development
Currently the secret
is generated on pubsweet new
and saved into config/local.json
. But this means if you clone the repo instead, the app won't start until you provide a secret. The secret is used to encode JWTs so only needs to be secret in production.
So instead of generating a random secret, we should provide a default secret in config/development.js
and config/test.js
and instructions to generate a proper secret when moving to production.
Editoria and Starter will also need updating.